Windows Analysis Report
LexusXA Installer.msi

Overview

General Information

Sample name: LexusXA Installer.msi
Analysis ID: 1565536
MD5: 4a4cda00a1e1a32986cc1130d7db54ca
SHA1: 57bd34c1c3372dd72d5c7ddcaa5bfb1dc387f4e2
SHA256: 5d2ab1efe433963996b35b16231631e7a69a8f7c951b25009626111fbc23d560
Tags: msi, Stealer, user-kafan_shengui
Infos:

Detection

Score: 32
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates an undocumented autostart registry key
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 1368 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\LexusXA Installer.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2108 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2996 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 80745C949CFC24E358273D649EA9B511 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2492 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D0A27BFD503CBB4ECD262F85E025A5D0 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • LexusXA-installer-win_x64.exe (PID: 1072 cmdline: "C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe" MD5: 4A1316F8CF2A432B956BBB00E6AEB2B8)
    • LexusXA-installer-win_x64.tmp (PID: 2132 cmdline: "C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp" /SL5="$2044C,19187169,794112,C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe" MD5: C8E01A284D740A1B8962C82CD10667C2)
      • version-iexpress-x64.exe (PID: 1228 cmdline: "C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe" MD5: 18E2B102B1D60F32601C0A398B34301E)
        • version-checker-win-x64.exe (PID: 5980 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe MD5: 5191B4E806CD706AF380B5995B602EAE)
          • version-checker-won-x64.exe (PID: 2144 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" MD5: A58F0BC8A2E552B1E03870D5326FF4DF)
            • version-checker-won-x64.exe (PID: 928 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" MD5: A58F0BC8A2E552B1E03870D5326FF4DF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy) ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe ReversingLabs: Detection: 36%
Source: LexusXA Installer.msi ReversingLabs: Detection: 18%
Source: LexusXA Installer.msi Virustotal: Detection: 11%
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3ED9554-CBB3-415C-8158-443CAC428D41}_is1
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962475488.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962750449.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wextract.pdb source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960330766.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960887245.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960080081.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961783900.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962302905.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962835732.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9E69000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960564952.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961955049.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961618337.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962228941.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2065890283.00007FFE13211000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064719044.00007FFE11BC7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960154808.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961127995.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959913414.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960242326.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2062840065.00007FFE101D8000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962142068.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063435354.00007FFE1030E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961375118.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064850176.00007FFE11BE9000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: LexusXA Installer.msi, MSI2254.tmp.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963013495.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: version-checker-win-x64.exe, 0000000B.00000000.1929652033.0000000000E62000.00000002.00000001.01000000.00000009.sdmp, version-checker-win-x64.exe, 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960491736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: wextract.pdbGCTL source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32evtlog.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1975204597.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961701595.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961050706.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960001370.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064540196.00007FFE11BB6000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962046130.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962565963.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960806630.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961297642.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065222536.00007FFE120C3000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960967982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963099086.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961457620.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961870123.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961531762.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960418255.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962663001.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960728484.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959261581.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065006495.00007FFE11EA3000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960649401.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046036710.000001690BE30000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962391189.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962927182.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062469688.00007FFE0E16D000.00000002.00000001.01000000.0000001D.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,11_2_00E3A2DF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,11_2_00E4AFB9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8985A0 FindFirstFileExW,FindClose,12_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8985A0 FindFirstFileExW,FindClose,13_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF70E8979B0
Source: Joe Sandbox View IP Address: 162.159.137.232
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: discord.com
Source: version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F890000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: version-checker-won-x64.exe, 0000000D.00000003.2021504685.000001690E1BE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023290334.000001690E1E5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022534829.000001690E1DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025375069.000001690EC9A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2031990055.000001690F04C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051128788.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029275019.000001690EC9B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033144108.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033747209.000001690E4B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033144108.000001690F043000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027842459.000001690EC9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6C2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6C2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: version-checker-won-x64.exe, 0000000D.00000003.1987507341.000001690E2D4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029598317.000001690E190000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036801140.000001690E190000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027178460.000001690E18D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2038514501.000001690E2E9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030095591.000001690E2E8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E2DE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027049516.000001690E180000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021504685.000001690E17F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E2D3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E2D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E2D3000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000D.00000003.1987884739.000001690E17B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033861124.000001690E190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049304612.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037546902.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E45C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
Source: version-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045256351.000001690EF17000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041466247.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2040691817.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF7F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046833587.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: version-checker-won-x64.exe, 0000000D.00000003.2031789546.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049146091.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037055858.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045191524.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030694032.000001690E3BE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E3B7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036002859.000001690E3E8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl6e
Source: version-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045256351.000001690EF17000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2026137420.000001690EF83000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032229947.000001690EF8E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2037354552.000001690EC3F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037848729.000001690EC40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6C2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG
Source: _decimal.pyd.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: version-checker-won-x64.exe, 0000000D.00000003.2026137420.000001690EF83000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026231439.000001690EFB7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027159440.000001690EFA5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFAA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028710563.000001690EFBF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026461971.000001690EF98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: version-checker-won-x64.exe, 0000000D.00000002.2051364495.000001690F430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: version-checker-won-x64.exe, 0000000D.00000003.2028141253.000001690EFDA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032585621.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026231439.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E3B7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026954662.000001690EFCB000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033594613.000001690E3B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: version-checker-won-x64.exe, 0000000D.00000003.2032585621.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E3B7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033594613.000001690E3B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs//T_
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026137420.000001690EF83000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025471162.000001690E167000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037919149.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048554223.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027140422.000001690EF93000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036214271.000001690E16F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043071996.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032229947.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037235460.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030319144.000001690E163000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027002297.000001690E152000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048531223.000001690E164000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4AC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035895903.000001690E4AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035264922.000001690F071000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2039483056.000001690F071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030095591.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034945338.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036167838.000001690E36C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049095617.000001690E36D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: version-checker-won-x64.exe, 0000000D.00000003.2027515139.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025757473.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043873163.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034665540.000001690ECE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: version-checker-won-x64.exe, 0000000D.00000002.2052188486.000001690F988000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051364495.000001690F430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1300091596917706774/6W6k6jJTJpU-G3EqaMlutiYbjLX_dzALpTX2CQKxP71IpXm
Source: version-checker-won-x64.exe, 0000000D.00000003.2021297220.000001690DDA4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023518940.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987569440.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029300103.000001690DDB2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025856384.000001690DDAF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028261612.000001690DDB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: version-checker-won-x64.exe, 0000000D.00000003.1977287808.000001690D983000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1977187086.000001690D96E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046569910.000001690D770000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: version-checker-won-x64.exe, 0000000D.00000003.2037919149.000001690E168000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025471162.000001690E167000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F890000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: version-checker-won-x64.exe, 0000000D.00000003.2020473939.000001690ED47000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030397875.000001690ED5A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2031279656.000001690ED8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: version-checker-won-x64.exe, version-checker-won-x64.exe, 0000000D.00000002.2059319622.00007FFE0071F000.00000002.00000001.01000000.00000036.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2059169501.00007FFE002B2000.00000002.00000001.01000000.00000037.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
Source: version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
Source: version-checker-won-x64.exe, 0000000D.00000002.2052188486.000001690F930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging0
Source: version-checker-won-x64.exe, 0000000D.00000002.2048235604.000001690DFF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: version-checker-won-x64.exe, 0000000D.00000002.2048059883.000001690DDF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0;
Source: version-checker-won-x64.exe, 0000000D.00000002.2046569910.000001690D6F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: version-checker-won-x64.exe, 0000000D.00000003.2022565045.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985376616.000001690D95A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985518241.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD1A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987955573.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024027218.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027909987.000001690DD1D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1984963797.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985583021.000001690DCDD000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025877925.000001690DD0F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024107128.000001690DD03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396P_i
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe | Code function: 11_2_00E36FC6: __EH_prolog, CreateFileW, CloseHandle, CreateDirectoryW, CreateFileW, DeviceIoControl, CloseHandle, GetLastError, RemoveDirectoryW, DeleteFileW
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\6b4cdf.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI4F9E.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI501C.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI504C.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\SourceHash{C54536A2-F634-404D-88DE-77163336AD19}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5128.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{C54536A2-F634-404D-88DE-77163336AD19}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{C54536A2-F634-404D-88DE-77163336AD19}\red.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\6b4ce1.msi
Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSI4F9E.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B4F1013_2_00007FF70E8B4F10
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B5C7413_2_00007FF70E8B5C74
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E89979B13_2_00007FF70E89979B
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E899FCD13_2_00007FF70E899FCD
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A1F3013_2_00007FF70E8A1F30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8AFBD813_2_00007FF70E8AFBD8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B572813_2_00007FF70E8B5728
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B2F2013_2_00007FF70E8B2F20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A28C013_2_00007FF70E8A28C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A504013_2_00007FF70E8A5040
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A107413_2_00007FF70E8A1074
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8AD88013_2_00007FF70E8AD880
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8995FB13_2_00007FF70E8995FB
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8ACD6C13_2_00007FF70E8ACD6C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A0E7013_2_00007FF70E8A0E70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B33BC13_2_00007FF70E8B33BC
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A73F413_2_00007FF70E8A73F4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8AFBD813_2_00007FF70E8AFBD8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E898B2013_2_00007FF70E898B20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B0B8413_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A2CC413_2_00007FF70E8A2CC4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A0C6413_2_00007FF70E8A0C64
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A148413_2_00007FF70E8A1484
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A91B013_2_00007FF70E8A91B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8AD20013_2_00007FF70E8AD200
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B518C13_2_00007FF70E8B518C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A7AAC13_2_00007FF70E8A7AAC
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B8A3813_2_00007FF70E8B8A38
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A0A6013_2_00007FF70E8A0A60
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A128013_2_00007FF70E8A1280
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98926013_2_00007FFDFA989260
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99221013_2_00007FFDFA992210
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA28A8013_2_00007FFDFAA28A80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9C6C1013_2_00007FFDFA9C6C10
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA973BF013_2_00007FFDFA973BF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98CBF013_2_00007FFDFA98CBF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9D4BF013_2_00007FFDFA9D4BF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA979B8013_2_00007FFDFA979B80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9DBBD013_2_00007FFDFA9DBBD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9DC91013_2_00007FFDFA9DC910
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9868E013_2_00007FFDFA9868E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9B589013_2_00007FFDFA9B5890
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9E786013_2_00007FFDFA9E7860
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97286E13_2_00007FFDFA97286E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9E28B613_2_00007FFDFA9E28B6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA2A9F013_2_00007FFDFAA2A9F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA21A4013_2_00007FFDFAA21A40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9D2A2013_2_00007FFDFA9D2A20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99998013_2_00007FFDFA999980
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97F9A013_2_00007FFDFA97F9A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9B4E8013_2_00007FFDFA9B4E80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99800013_2_00007FFDFA998000
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA0CFF013_2_00007FFDFAA0CFF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99702013_2_00007FFDFA997020
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9ED03013_2_00007FFDFA9ED030
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9CCD0013_2_00007FFDFA9CCD00
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9ACC7913_2_00007FFDFA9ACC79
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97BCC013_2_00007FFDFA97BCC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1FCA013_2_00007FFDFAA1FCA0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9BBCB013_2_00007FFDFA9BBCB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA989CB013_2_00007FFDFA989CB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9CBD8013_2_00007FFDFA9CBD80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99DD9013_2_00007FFDFA99DD90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA02D9013_2_00007FFDFAA02D90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9F4D9013_2_00007FFDFA9F4D90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA980D7013_2_00007FFDFA980D70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA08DD013_2_00007FFDFAA08DD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9FADD013_2_00007FFDFA9FADD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9C0DB013_2_00007FFDFA9C0DB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97731613_2_00007FFDFA977316
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99F2E013_2_00007FFDFA99F2E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99D2F013_2_00007FFDFA99D2F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98C33013_2_00007FFDFA98C330
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA2826013_2_00007FFDFAA28260
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9732D513_2_00007FFDFA9732D5
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA3444013_2_00007FFDFAA34440
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1643013_2_00007FFDFAA16430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9D742013_2_00007FFDFA9D7420
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9FA43013_2_00007FFDFA9FA430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1B3C013_2_00007FFDFAA1B3C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97410013_2_00007FFDFA974100
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9FC0F013_2_00007FFDFA9FC0F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA171F013_2_00007FFDFAA171F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98D25013_2_00007FFDFA98D250
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9FE22013_2_00007FFDFA9FE220
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA2518013_2_00007FFDFAA25180
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98219013_2_00007FFDFA982190
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1E17013_2_00007FFDFAA1E170
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9CE74013_2_00007FFDFA9CE740
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9CB67013_2_00007FFDFA9CB670
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97480013_2_00007FFDFA974800
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA2985013_2_00007FFDFAA29850
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97A85013_2_00007FFDFA97A850
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9D079013_2_00007FFDFA9D0790
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9F87D013_2_00007FFDFA9F87D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9BA54013_2_00007FFDFA9BA540
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA97455013_2_00007FFDFA974550
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9E448013_2_00007FFDFA9E4480
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA2747013_2_00007FFDFAA27470
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9794C013_2_00007FFDFA9794C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1A4A013_2_00007FFDFAA1A4A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA98360013_2_00007FFDFA983600
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA175F013_2_00007FFDFAA175F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAA1563013_2_00007FFDFAA15630
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99456013_2_00007FFDFA994560
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA9A15A013_2_00007FFDFA9A15A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFA99E5A013_2_00007FFDFA99E5A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFF17188013_2_00007FFDFF171880
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFF1712F013_2_00007FFDFF1712F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0179211013_2_00007FFE01792110
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE01791D4013_2_00007FFE01791D40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE02A121C013_2_00007FFE02A121C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE02A11F1013_2_00007FFE02A11F10
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0B2C1FA013_2_00007FFE0B2C1FA0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0A205013_2_00007FFE0C0A2050
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0A1F4013_2_00007FFE0C0A1F40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0B22D013_2_00007FFE0C0B22D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0B1D4013_2_00007FFE0C0B1D40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0C216013_2_00007FFE0C0C2160
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF8207013_2_00007FFE0CF82070
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF97CB813_2_00007FFE0CF97CB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4E2F0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4D870 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4D940 appears 51 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FF70E892760 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FF70E8925F0 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA97A490 appears 178 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA979330 appears 136 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA9A1E20 appears 33 times
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-KAK7L.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LOG4N.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 18065000 bytes, 1 file, at 0x2c +A "version-checker-win-x64.exe", ID 2562, number 1, 556 datablocks, 0x1503 compression
Source: _overlapped.pyd.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: Number of sections : 11 > 10
Source: is-KAK7L.tmp.5.dr Static PE information: Number of sections : 11 > 10
Source: LexusXA-installer-win_x64.exe.1.dr Static PE information: Number of sections : 11 > 10
Source: api-ms-win-core-file-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: python3.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: LexusXA Installer.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs LexusXA Installer.msi
Source: classification engine Classification label: sus32.spyw.winMSI@17/165@1/1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E36D06 GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4963A FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\LexusORG
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2254.tmp
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: ps (11_2_00E4CBB8)
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: sfxname (11_2_00E4CBB8)
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: sfxstime (11_2_00E4CBB8)
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: STARTDLG (11_2_00E4CBB8)
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: version-checker-won-x64.exe, version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000003.2023437480.000001690F0A6000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F087000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: LexusXA Installer.msi ReversingLabs: Detection: 18%
Source: LexusXA Installer.msi Virustotal: Detection: 11%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\LexusXA Installer.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 80745C949CFC24E358273D649EA9B511 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D0A27BFD503CBB4ECD262F85E025A5D0
Source: unknown Process created: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe "C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Process created: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp "C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp" /SL5="$2044C,19187169,794112,C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Process created: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe "C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe"
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: Lexus.lnk.5.drLNK file: ..\..\..\..\..\Local\Programs\Lexus\version-iexpress-x64.exe
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpAutomated click: Next
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3ED9554-CBB3-415C-8158-443CAC428D41}_is1Jump to behavior
Source: LexusXA Installer.msiStatic file information: File size 21343744 > 1048576
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962475488.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962750449.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wextract.pdb source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960330766.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960887245.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960080081.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961783900.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962302905.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962835732.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9E69000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960564952.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961955049.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961618337.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962228941.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2065890283.00007FFE13211000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064719044.00007FFE11BC7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960154808.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961127995.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959913414.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960242326.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2062840065.00007FFE101D8000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962142068.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063435354.00007FFE1030E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961375118.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064850176.00007FFE11BE9000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: LexusXA Installer.msi, MSI2254.tmp.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963013495.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: version-checker-win-x64.exe, 0000000B.00000000.1929652033.0000000000E62000.00000002.00000001.01000000.00000009.sdmp, version-checker-win-x64.exe, 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960491736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: wextract.pdbGCTL source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32evtlog.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1975204597.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961701595.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961050706.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960001370.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064540196.00007FFE11BB6000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962046130.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962565963.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960806630.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961297642.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065222536.00007FFE120C3000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960967982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963099086.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961457620.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961870123.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961531762.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960418255.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962663001.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960728484.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959261581.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065006495.00007FFE11EA3000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960649401.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046036710.000001690BE30000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962391189.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962927182.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062469688.00007FFE0E16D000.00000002.00000001.01000000.0000001D.sdmp
Source: is-LOG4N.tmp.5.dr Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_7048734
Source: MSI2254.tmp.0.dr Static PE information: section name: .fptable
Source: MSI22D2.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2312.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2332.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2362.tmp.0.dr Static PE information: section name: .fptable
Source: MSI242E.tmp.0.dr Static PE information: section name: .fptable
Source: MSI245E.tmp.0.dr Static PE information: section name: .fptable
Source: MSI5736.tmp.0.dr Static PE information: section name: .fptable
Source: MSI5766.tmp.0.dr Static PE information: section name: .fptable
Source: LexusXA-installer-win_x64.exe.1.dr Static PE information: section name: .didata
Source: MSI501C.tmp.1.dr Static PE information: section name: .fptable
Source: MSI504C.tmp.1.dr Static PE information: section name: .fptable
Source: MSI4F9E.tmp.1.dr Static PE information: section name: .fptable
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: section name: .didata
Source: is-KAK7L.tmp.5.dr Static PE information: section name: .didata
Source: libcrypto-3.dll.12.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.12.dr Static PE information: section name: .00cfg
Source: python312.dll.12.dr Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.12.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.12.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E336 push ecx; ret 11_2_00E4E349
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4D870 push eax; ret 11_2_00E4D88E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Math\_modexp.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_poly1305.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI22D2.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_multiprocessing.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F9E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2332.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pyd
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe File created: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_x25519.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5736.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5766.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\sqlite3.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32api.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_keccak.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pyd
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Temp\is-R6R4G.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_portable.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed25519.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI242E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpFile created: C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI504C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI501C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI2312.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32evtlog.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_sqlite3.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI245E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI2362.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpFile created: C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32crypt.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\python312.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI2254.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32\pywintypes312.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\ucrtbase.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\libssl-3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\libffi-8.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpKey value created or modified: HKEY_CURRENT_USER_Classes\.exe\OpenWithProgids LexusFile.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E8950B0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,12_2_00007FF70E8950B0
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI22D2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4F9E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2332.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_x25519.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5736.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5766.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32api.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R6R4G.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI242E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI504C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI501C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2312.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32evtlog.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_sqlite3.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI245E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2362.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32crypt.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\python312.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2254.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-17873
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeAPI coverage: 1.7 %
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,11_2_00E3A2DF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,11_2_00E4AFB9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E8985A0 FindFirstFileExW,FindClose,12_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8985A0 FindFirstFileExW,FindClose,13_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4D353 VirtualQuery,GetSystemInfo,11_2_00E4D353
Source: version-checker-won-x64.exe, 0000000D.00000003.2024648350.000001690D8FF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042787443.000001690D902000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWi
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeAPI call chain: ExitProcess graph end nodegraph_11-23385
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00E4E4F5
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E56AF3 mov eax, dword ptr fs:[00000030h]11_2_00E56AF3
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E5ACA1 GetProcessHeap,11_2_00E5ACA1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4E643 SetUnhandledExceptionFilter,11_2_00E4E643
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4E7FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00E4E7FB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E57BE1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00E57BE1
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E89C62C SetUnhandledExceptionFilter,12_2_00007FF70E89C62C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E89BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF70E89BBC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E89C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF70E89C44C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 12_2_00007FF70E8A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF70E8A9924
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E89C62C SetUnhandledExceptionFilter,13_2_00007FF70E89C62C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E89BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF70E89BBC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E89C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF70E89C44C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FF70E8A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF70E8A9924
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFAAA2BE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFDFAAA2BE0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFF173028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFDFF173028
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFDFF172A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFDFF172A70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0029E90C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0029E90C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE01791960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE01791960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE01791390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE01791390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE02A11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE02A11960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE02A11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE02A11390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE08ED1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE08ED1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE08ED1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE08ED1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0B2C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0B2C1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0B2C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0B2C1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0A1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0C0A1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0A1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0C0A1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0B1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0C0B1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0B1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0C0B1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0C0C1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0C0C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0C0C1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF81960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0CF81960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF81390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0CF81390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF9BEE0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFE0CF9BEE0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE0CF9B920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFE0CF9B920
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeCode function: 13_2_00007FFE00298D60 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,13_2_00007FFE00298D60
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: 11_2_00E4E34B cpuid 11_2_00E4E34B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exeCode function: GetLocaleInfoW,GetNumberFormatW,11_2_00E49D99
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\certifi VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography-42.0.8.dist-info VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\ucrtbase.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Code function: 10_2_00007FF7CC9C8964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,10_2_00007FF7CC9C8964
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8B4F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,12_2_00007FF70E8B4F10
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E3A995 GetVersionExW,11_2_00E3A995

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF96BD4 PyFloat_Type,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyObject_CheckBuffer,PyErr_Format,sqlite3_bind_null,PyObject_GetBuffer,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,sqlite3_bind_blob,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyFloat_AsDouble,PyErr_Occurred,sqlite3_bind_double,PyErr_Occurred,sqlite3_bind_int64,13_2_00007FFE0CF96BD4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF94EC0 PyEval_SaveThread,sqlite3_bind_parameter_count,PyEval_RestoreThread,PyTuple_Type,sqlite3_bind_parameter_name,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyLong_AsLongLongAndOverflow,sqlite3_bind_int64,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyTuple_Pack,PyDict_GetItemWithError,_Py_Dealloc,PyErr_Occurred,_PyObject_LookupAttr,_PyObject_LookupAttr,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyType_IsSubtype,PyObject_CheckBuffer,PyObject_GetBuffer,sqlite3_bind_blob,PyBuffer_Release,sqlite3_bind_null,PyFloat_AsDouble,sqlite3_bind_double,PyEval_SaveThread,sqlite3_bind_parameter_name,PyEval_RestoreThread,PyUnicode_FromString,PyDict_Type,PyDict_GetItemWithError,_Py_Dealloc,PyExc_DeprecationWarning,PyErr_WarnFormat,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PyList_GetItem,PyObject_CallOneArg,_Py_Dealloc,PyErr_Occurred,PyErr_Occurred,PyErr_Format,PyObject_CallOneArg,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,PyExc_OverflowError,PyErr_SetString,PySequence_Check,PyTuple_Type,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PySequence_Size,PyErr_Format,PyObject_GetItem,PyErr_Occurred,PyErr_Format,PyErr_Format,PyErr_SetString,PySequence_GetItem,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_LookupError,PyErr_ExceptionMatches,_Py_Dealloc,PyObject_CallOneArg,_Py_Dealloc,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,_Py_Dealloc,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyErr_Occurred,13_2_00007FFE0CF94EC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF950DC PyLong_AsLongLongAndOverflow,sqlite3_bind_int64,PyTuple_Pack,PyDict_GetItemWithError,_Py_Dealloc,PyErr_Occurred,_PyObject_LookupAttr,_PyObject_LookupAttr,PyLong_Type,PyFloat_Type,PyUnicode_Type,13_2_00007FFE0CF950DC
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation (11); Native API (1); Command and Scripting Interpreter (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Windows Service (1); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: DLL Side-Loading (1); Windows Service (1); Process Injection (11); Registry Run Keys / Startup Folder (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (1); Timestomp (1); DLL Side-Loading (1); File Deletion (1); Masquerading (22); Virtualization/Sandbox Evasion (1); Process Injection (11)
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (2); Peripheral Device Discovery (11); File and Directory Discovery (2); System Information Discovery (36); Query Registry (1); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (1); System Owner/User Discovery (2)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Local System (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Encrypted Channel (12); Non-Application Layer Protocol (1); Application Layer Protocol (2); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph ID: 1565536; Sample: LexusXA Installer.msi; Startdate: 30/11/2024; Architecture: WINDOWS; Score: 32
Process chain shown in the graph: LexusXA-installer-win_x64.exe -> LexusXA-installer-win_x64.tmp -> version-iexpress-x64.exe -> version-checker-win-x64.exe -> version-checker-won-x64.exe -> version-checker-won-x64.exe -> discord.com (162.159.137.232, 443, 49737, CLOUDFLARENETUS, United States)
Signatures attached to graph nodes: Creates an undocumented autostart registry key (LexusXA-installer-win_x64.tmp); Multi AV Scanner detection for dropped file (version-checker-win-x64.exe, version-checker-won-x64.exe); Tries to harvest and steal browser information (history, passwords, etc) (version-checker-won-x64.exe)

Source | Detection | Scanner | Label | Link
LexusXA Installer.msi | 18% | ReversingLabs | Win32.Trojan.Generic |
LexusXA Installer.msi | 11% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe | 33% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp | 38% | ReversingLabs | Win64.Trojan.Generic |
C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy) | 38% | ReversingLabs | Win64.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe | 42% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\MSI2254.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI22D2.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI2312.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI2332.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI2362.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI242E.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI245E.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI5736.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSI5766.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe | 37% | ReversingLabs | Win64.Trojan.PySpy |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed25519.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed448.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_x25519.pyd | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://repository.swisssign.com/.pV | 0% | Avira URL Cloud | safe |
https://wwww.certigna.fr/autorites/P | 0% | Avira URL Cloud | safe |
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyx | 0% | Avira URL Cloud | safe |
https://urllib3.readthedocs.io/en/stable/v2-migration-guide.htmlW | 0% | Avira URL Cloud | safe |
http://repository.swisssign.com/3 | 0% | Avira URL Cloud | safe |
https://upload.pypi.org/legacy/arSFX0 | 0% | Avira URL Cloud | safe |
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsP | 0% | Avira URL Cloud | safe |
http://ocsp.accv.esh | 0% | Avira URL Cloud | safe |
http://repository.swisssign.com/3 | 0% | Virustotal | | Browse
https://urllib3.readthedocs.io/en/stable/v2-migration-guide.htmlW | 0% | Virustotal | | Browse
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyx | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.137.232 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | LexusXA-installer-win_x64.exe | false | | high
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | version-checker-won-x64.exe | false | | high
http://repository.swisssign.com/.pV | version-checker-won-x64.exe | false | Avira URL Cloud: safe | unknown
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | version-checker-won-x64.exe | false | | high
http://aka.ms/vcpython27 | version-checker-won-x64.exe | false | | high
https://cloud.google.com/appengine/docs/standard/runtimes | version-checker-won-x64.exe | false | | high
https://github.com/mhammond/pywin32 | version-checker-won-x64.exe | false | | high
http://docs.python.org/library/unittest.html | version-checker-won-x64.exe | false | | high
https://setuptools.pypa.io/en/latest/ | version-checker-won-x64.exe | false | | high
                    https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpfalse
                      high
                      http://repository.swisssign.com/3version-checker-won-x64.exe, 0000000D.00000003.2037848729.000001690EC3A000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      unknown
                      https://github.com/pyca/cryptography/actions?query=workflow%3ACIversion-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        https://wwww.certigna.fr/autorites/Pversion-checker-won-x64.exe, 0000000D.00000003.2026080839.000001690EFDF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EFC4000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://tools.ietf.org/html/rfc2388#section-4.4version-checker-won-x64.exe, 0000000D.00000003.2030568589.000001690E43A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023836398.000001690E435000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033552250.000001690E44A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024182006.000001690E438000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E41D000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyxversion-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.apache.org/licenses/LICENSE-2.0version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6C3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1964138099.00000144AA6C3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://packaging.python.org/en/latest/specifications/core-metadata/version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmpfalse
                              high
                              https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64version-checker-won-x64.exe, 0000000D.00000003.2021297220.000001690DDA4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023518940.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987569440.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029300103.000001690DDB2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025856384.000001690DDAF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028261612.000001690DDB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://github.com/pypa/packagingversion-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpfalse
                                  high
                                  https://refspecs.linuxfoundation.org/elf/gabi4version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpfalse
                                    high
                                    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://www.remobjects.com/psLexusXA-installer-win_x64.exe, 00000004.00000003.1796357625.000000007EF7B000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.exe, 00000004.00000003.1795958868.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.tmp, 00000005.00000000.1797767219.0000000000741000.00000020.00000001.01000000.00000004.sdmpfalse
                                        high
                                        https://www.innosetup.com/LexusXA-installer-win_x64.exe, 00000004.00000003.1796357625.000000007EF7B000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.exe, 00000004.00000003.1795958868.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.tmp, 00000005.00000000.1797767219.0000000000741000.00000020.00000001.01000000.00000004.sdmpfalse
                                          high
                                          https://urllib3.readthedocs.io/en/stable/v2-migration-guide.htmlWversion-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://docs.python.org/3/library/subprocess#subprocess.Popen.killversion-checker-won-x64.exe, 0000000D.00000002.2049878706.000001690EB30000.00000004.00001000.00020000.00000000.sdmpfalse
                                            high
                                            https://tools.ietf.org/html/rfc3610version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2031990055.000001690F04C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051128788.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033144108.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://github.com/platformdirs/platformdirsversion-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://peps.python.org/pep-0205/version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  http://crl.dhimyotis.com/certignarootca.crlversion-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045256351.000001690EF17000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://curl.haxx.se/rfc/cookie_spec.htmlversion-checker-won-x64.exe, 0000000D.00000002.2051670622.000001690F730000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      high
                                                      http://ocsp.accv.esversion-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://docs.python.org/3/library/subprocess#subprocess.Popen.returncodeversion-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          https://upload.pypi.org/legacy/arSFX0version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688version-checker-won-x64.exe, 0000000D.00000002.2046569910.000001690D6F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://httpbin.org/getversion-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F830000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032523874.000001690E111000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC12000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037330027.000001690DC38000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035895903.000001690E4AC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034548919.000001690E114000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://httpbin.org/version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042621168.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033747209.000001690E4B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://packaging.python.org/en/latest/specifications/entry-points/version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessversion-checker-won-x64.exe, 0000000D.00000003.2035708302.000001690ECB1000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025375069.000001690EC9A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043873163.000001690ECB1000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025502210.000001690ECB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://pypi.org/project/build/).version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://wwww.certigna.fr/autorites/0mversion-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerversion-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://foo/bar.tgzversion-checker-won-x64.exe, 0000000D.00000003.1988066383.000001690E23F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049679813.000001690E7F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987702733.000001690E23A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://github.com/python/cpython/issues/86361.version-checker-won-x64.exe, 0000000D.00000003.2022565045.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985376616.000001690D95A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985518241.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD1A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987955573.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024027218.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027909987.000001690DD1D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1984963797.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985583021.000001690DCDD000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025877925.000001690DD0F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024107128.000001690DD03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://httpbin.org/version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042621168.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033747209.000001690E4B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.apache.org/licenses/version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainversion-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://wwww.certigna.fr/autorites/version-checker-won-x64.exe, 0000000D.00000003.2026080839.000001690EFDF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EFC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzversion-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036843536.000001690E422000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030348269.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028619662.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049304612.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037546902.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.cert.fnmt.es/dpcs//T_version-checker-won-x64.exe, 0000000D.00000003.2032585621.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E3B7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033594613.000001690E3B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-theversion-checker-won-x64.exe, 0000000D.00000003.2030880232.000001690E120000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028237579.000001690E11F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535version-checker-won-x64.exe, 0000000D.00000003.2025375069.000001690EC9A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2050095522.000001690EC9F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029275019.000001690EC9B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2038793468.000001690EC9F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027842459.000001690EC9B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030725841.000001690EC9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://cryptography.io/en/latest/installation/version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syversion-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.python.org/psf/license/version-checker-won-x64.exe, 0000000D.00000002.2057652727.00007FFDFA528000.00000008.00000001.01000000.0000000F.sdmpfalse
                                                                                                      high
IP:162.159.137.232
Domain:discord.com
Country:United States
ASN:13335
ASN Name:CLOUDFLARENETUS
Malicious:false
                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                            Analysis ID:1565536
                                                                                                                                                                                            Start date and time:2024-11-30 05:57:11 +01:00
                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                            Overall analysis duration:0h 10m 2s
                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                            Report type:full
                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                            Number of analysed new started processes analysed:16
                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                            Technologies:
                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                            Sample name:LexusXA Installer.msi
                                                                                                                                                                                            Detection:SUS
                                                                                                                                                                                            Classification:sus32.spyw.winMSI@17/165@1/1
                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                            • Successful, ratio: 75%
                                                                                                                                                                                            HCA Information:Failed
                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                            • Found application associated with file extension: .msi
                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                            • Execution Graph export aborted for target version-iexpress-x64.exe, PID 1228 because there are no executed function
                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                            No simulations
Match:162.159.137.232
Associated Sample Name / URL; Detection; Threat Name
• EsgeCzT4do.exe; malicious; XWorm
• program.exe; malicious; Blank Grabber
• NEVER OPEN!.exe; malicious; Python Stealer, Empyrean, Discord Token Stealer
• YDW0S5K7hi.exe; malicious; SilverRat
• Xyq6rvzLJs.exe; malicious; SilverRat
• CFuejz2dRu.exe; malicious; Discord Token Stealer
• file.exe; malicious; Unknown
• SecuriteInfo.com.FileRepMalware.22561.28030.exe; malicious; Python Stealer, Exela Stealer
• 570ZenR882.exe; malicious; Unknown
• Ff0ZjqSI9Y.exe; malicious; Unknown
Match:discord.com
Associated Sample Name / URL; Detection; Threat Name; Context
• VzhY4BcvBH.exe; malicious; AsyncRAT, RedLine, StormKitty, VenomRAT; 162.159.136.232
• 5QnwxSJVyX.doc; malicious; Unknown; 162.159.136.232
• speedymaqing.exe; malicious; Python Stealer, Discord Token Stealer; 162.159.138.232
• main.exe; malicious; Blank Grabber, SilentXMRMiner, Xmrig; 162.159.135.232
• EsgeCzT4do.exe; malicious; XWorm; 162.159.137.232
• cmd.exe; malicious; Blank Grabber; 162.159.128.233
• spacers.exe; malicious; Unknown; 162.159.138.232
• EternalPredictor.exe; malicious; Blank Grabber, Skuld Stealer, XWorm; 162.159.128.233
• program.exe; malicious; Blank Grabber; 162.159.137.232
• RuntimeusererVers.exe; malicious; Python Stealer; 162.159.138.232
Match:CLOUDFLARENETUS
Associated Sample Name / URL; Detection; Threat Name; Context
• file.exe; malicious; LummaC Stealer; 172.67.165.166
• qNdO4D18CF.exe; malicious; DCRat, PureLog Stealer, zgRAT; 172.66.0.102
• file.exe; malicious; LummaC Stealer; 104.21.16.9
• file.exe; malicious; Amadey, Credential Flusher, LummaC Stealer, Stealc; 104.21.16.9
• file.exe; malicious; LummaC Stealer; 172.67.165.166
• saloader.exe; malicious; Blank Grabber, Umbral Stealer; 162.159.129.233
• ONHQNHFT.msi; malicious; Unknown; 172.67.141.133
• file.exe; malicious; LummaC Stealer; 172.67.165.166
• file.exe; malicious; LummaC Stealer; 172.67.165.166
• file.exe; malicious; Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar; 104.21.75.163
                                                                                                                                                                                                                No context
                                                                                                                                                                                                                No context
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):8449
                                                                                                                                                                                                                Entropy (8bit):5.577248220287096
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:Wg67MFjPkTu13Nw2Levy/s03UxodNPWCsThqLCUxodNPWC6jTVH7ThqLNHou58Sm:WxTQLeqlk2FIQ2FCqvxXp01
                                                                                                                                                                                                                MD5:9372F91F45273E3F6480F602F8C6418D
                                                                                                                                                                                                                SHA1:46AEFAD234936BDDD3CFB97B3AC544C1F6B4AADE
                                                                                                                                                                                                                SHA-256:EF7F7E46375CBF03174B281C1C9E88EA11BF0F83D1EC6B45B1025CFFEB962DB1
                                                                                                                                                                                                                SHA-512:66DDD038F8B8AE94D00B0A5100C0C8D20AEE46AD7DBC60E4C0714C9A72AC1E1FABDCF1B43070AEED048154FA1A0898FC07FE97233A3A92033E63182F6B31D1A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview:...@IXOS.@.....@G.}Y.@.....@.....@.....@.....@.....@......&.{C54536A2-F634-404D-88DE-77163336AD19}..LexusXA Installer..LexusXA Installer.msi.@.....@.....@.....@......red.exe..&.{6E016F4D-F842-4D13-BDA0-1D990584865D}.....@.....@.....@.....@.......@.....@.....@.......@......LexusXA Installer......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{AEFDAAB7-0FA2-4559-A94E-055CC6BE8FEB}&.{C54536A2-F634-404D-88DE-77163336AD19}.@......&.{70DFDFCE-608B-4FB5-8825-1CA66A245E79}&.{C54536A2-F634-404D-88DE-77163336AD19}.@......&.{9056868B-8C66-444E-BB1D-D0CA92DF6E58}&.{C54536A2-F634-404D-88DE-77163336AD19}.@........CreateFolders..Creating folders..Folder: [1]#.2.C:\Program Files (x86)\LexusORG\LexusXA Installer\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..2.C:\Program Files (x86)\LexusORG\LexusXA Installer\....O.C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-in
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20133249
                                                                                                                                                                                                                Entropy (8bit):7.992713508250193
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:393216:rcnUpN33OZzSqPcAls+0DWjcukbdlDBSarqbVcAUfyU6b:4nU/+Fc6soGJhrqbVcrZO
                                                                                                                                                                                                                MD5:4A1316F8CF2A432B956BBB00E6AEB2B8
                                                                                                                                                                                                                SHA1:25F75514EFE765F8F63F724368A736334195A179
                                                                                                                                                                                                                SHA-256:24AE8CFAAD6E0C387A1A052A29F55A01E2D97FB63F4A01EF3CCA48354A98D9FB
                                                                                                                                                                                                                SHA-512:07E4803635DB6AFF962998EF1900CADCC5809FC0984A6A099729231BC2257E76401E439076ADD45A8B55C219305B21284A69D85813616748A80C0C592402043B
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3308605
                                                                                                                                                                                                                Entropy (8bit):6.5671939633705705
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:ldJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQN333KT:bJYVM+LtVt3P/KuG2ONG9iqLRQN333a
                                                                                                                                                                                                                MD5:6CE6B64DF03F4B3B7300D8436C6270A2
                                                                                                                                                                                                                SHA1:D2FFED8202462C15BA363261C1DC3297F29D466C
                                                                                                                                                                                                                SHA-256:9F7983294B20121A781E395431C9236B87C7CF51869D1848A441CD1F80BA3AED
                                                                                                                                                                                                                SHA-512:75FCA82913AC3FA1D77AC643CDC6A0418C990E930202525E634D6938B58E87933D2C83C8D6D365CD25AC2C279A933752DC832D83B0FB7EED196955EC6A63CA1A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18222592
                                                                                                                                                                                                                Entropy (8bit):7.999140728183588
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:393216:pmxB7gGhcgOhRITRP87kAt1zDB5uuICSnumNZrfcdRcXlb2tX/:yZVey84y1DuuxlkidCXUx
                                                                                                                                                                                                                MD5:18E2B102B1D60F32601C0A398B34301E
                                                                                                                                                                                                                SHA1:5861D5AF0860C5CC9079A22098776554F30AFCFB
                                                                                                                                                                                                                SHA-256:8FB310C297EAC63271E1E894AFC93EDF992B4FE9D9DFEBEBD496C8651C5F2C96
                                                                                                                                                                                                                SHA-512:672357A8DE1AC9D82D90374DCAB15162CFEB0257C385CCB6642D1A87FA3B288766FC6885C35E2FEDB7B8824DC160AAA9DE1286817F3FCB977DE2727D61849A59
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:InnoSetup Log 64-bit Lexus {C3ED9554-CBB3-415C-8158-443CAC428D41}, version 0x418, 2002 bytes, 216865\37\user\376, C:\Users\user\AppData\Local\Programs\Lexu
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2002
                                                                                                                                                                                                                Entropy (8bit):3.4698419653902017
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:tLC9GI9G/iCy1m9GS9Ge8iCyTiCy9+wxvY3xd3xeUhuW:1UC0oCJC5wm3L3Hh1
                                                                                                                                                                                                                MD5:869F35CC8270914B860B1FE4CF0C56CF
                                                                                                                                                                                                                SHA1:7F6B2993DA64619FEAF7151D662CB6668944E683
                                                                                                                                                                                                                SHA-256:554E140163C369E8AC5F5591EC82FA78348CBA7C9411BCB244F395D386FDD0A0
                                                                                                                                                                                                                SHA-512:46C067AFB5014BE6920D61824A17B18D562FACD3C9BBACD8A9D8C809259E0F6B91BFE82DCC122EA7CED81C37AD8B991D1CCBACB5F12C9BF62679B73C250ACEAF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Inno Setup Uninstall Log (b) 64-bit.............................{C3ED9554-CBB3-415C-8158-443CAC428D41}..........................................................................................Lexus.......................................................................................................................................$...............................................................................................................X..0........I..................2.1.6.8.6.5......j.o.n.e.s......C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.L.e.x.u.s................:...... .....6..................C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.L.e.x.u.s..d...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.(.D.e.f.a.u.l.t.)......(.D.e.f.a.u.l.t.)......e.n.g.l.i.s.h........................."...\........C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3308605
                                                                                                                                                                                                                Entropy (8bit):6.5671939633705705
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:ldJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQN333KT:bJYVM+LtVt3P/KuG2ONG9iqLRQN333a
                                                                                                                                                                                                                MD5:6CE6B64DF03F4B3B7300D8436C6270A2
                                                                                                                                                                                                                SHA1:D2FFED8202462C15BA363261C1DC3297F29D466C
                                                                                                                                                                                                                SHA-256:9F7983294B20121A781E395431C9236B87C7CF51869D1848A441CD1F80BA3AED
                                                                                                                                                                                                                SHA-512:75FCA82913AC3FA1D77AC643CDC6A0418C990E930202525E634D6938B58E87933D2C83C8D6D365CD25AC2C279A933752DC832D83B0FB7EED196955EC6A63CA1A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18222592
                                                                                                                                                                                                                Entropy (8bit):7.999140728183588
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:393216:pmxB7gGhcgOhRITRP87kAt1zDB5uuICSnumNZrfcdRcXlb2tX/:yZVey84y1DuuxlkidCXUx
                                                                                                                                                                                                                MD5:18E2B102B1D60F32601C0A398B34301E
                                                                                                                                                                                                                SHA1:5861D5AF0860C5CC9079A22098776554F30AFCFB
                                                                                                                                                                                                                SHA-256:8FB310C297EAC63271E1E894AFC93EDF992B4FE9D9DFEBEBD496C8651C5F2C96
                                                                                                                                                                                                                SHA-512:672357A8DE1AC9D82D90374DCAB15162CFEB0257C385CCB6642D1A87FA3B288766FC6885C35E2FEDB7B8824DC160AAA9DE1286817F3FCB977DE2727D61849A59
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18201888
                                                                                                                                                                                                                Entropy (8bit):7.998318944962498
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:393216:Fm1gr1pHcLWZNIciK8UKyStalGn90TC/Y+Xr9eX0O5+tZiRi5uV:6Sbnf8Vbtz90OV7lOAt6WQ
                                                                                                                                                                                                                MD5:5191B4E806CD706AF380B5995B602EAE
                                                                                                                                                                                                                SHA1:09E5DCE684BF9121D705A6A896A6C1F8579209E5
                                                                                                                                                                                                                SHA-256:0F24EDB24E592ACA6A2F13C7A2862F2F9B52E1E698A2E6F29A37C03F3BC880DD
                                                                                                                                                                                                                SHA-512:CBE70FAC4DE9C5F81742A0B29FB5FD5210AA0B9EBFE98F4ED6DEC1C9DECF76C81716D83E3D3FBC2DD86605813744945791A3CF121A6E2B1CC08DD5AB6AF75A4E
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 42%
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1021792
Entropy (8bit):6.608727172078022
Encrypted:false
SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19
                                                                                                                                                                                                                Entropy (8bit):3.6818808028034042
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:q+W+/WSAyn:jWSV9
                                                                                                                                                                                                                MD5:A3269E1007D62C043A313E8722F7E4F3
                                                                                                                                                                                                                SHA1:BE251897574FD11778D69433A93102BC9C00C569
                                                                                                                                                                                                                SHA-256:FD49408983C16A4A58869186AF93EA19542EF841C206FD0FFBEE7B6AB54A5958
                                                                                                                                                                                                                SHA-512:B382491748326EDBFFC6ED0ECD34A819C537BF7C7122FEF6C0EF24045D2F2D2D98AD62B7F8CC85EEDED558FBAF34D5F5A67A0CE196FE204A3FCC9685AB6B14C0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:URL,User,Password..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18301069
                                                                                                                                                                                                                Entropy (8bit):7.996888036807003
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:393216:B6AcUXZL01+l+uq+Vvz1+TtIiFo0VkscWLeG2tP6cjE4:wi01+l+uqgvz1QtIm5f2tPFE4
                                                                                                                                                                                                                MD5:A58F0BC8A2E552B1E03870D5326FF4DF
                                                                                                                                                                                                                SHA1:B0C37EE7AF3AD3626B9A005FC9B2E52E911D9D28
                                                                                                                                                                                                                SHA-256:583DC0AC9E770DEC48873564CD2D30C672880AADF1D88E2D499C6E3544F177B1
                                                                                                                                                                                                                SHA-512:20BA823BD5252F34BF359107EE16B57BF64BF87DE37601C2C4108D95BA5EA7AEE7B48CBF8AF3A8218516376C5E673DEBFF2088018ED23FC045EC4AA4FD72F340
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11264
                                                                                                                                                                                                                Entropy (8bit):4.704418348721006
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:nDzsc9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDj90OcX6gY/7ECFV:Dzs69damqTrpYTst0E5DjPcqgY/79X
                                                                                                                                                                                                                MD5:85F144F57905F68ECBF14552BAB2F070
                                                                                                                                                                                                                SHA1:83A20193E6229EA09DCCAE8890A74DBDD0A76373
                                                                                                                                                                                                                SHA-256:28696C8881D9C9272DE4E54ABE6760CD4C6CB22AD7E3FEABAF6FF313EC9A9EAF
                                                                                                                                                                                                                SHA-512:533EB4073594BFE97850DFF7353439BACD4E19539E247EE00D599F3468E162D2D88C5CA32322772538A73706DF9A6DD14553B35F47C686D2E20D915FAB766BDA
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                                Entropy (8bit):4.968532257508093
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:JF3rugNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDq4wYH/kcX6G:tF/1nb2mhQtkXHTeZ87VDqyMcqgYvEp
                                                                                                                                                                                                                MD5:14A20ED2868F5B3D7DCFEF9363CB1F32
                                                                                                                                                                                                                SHA1:C1F2EF94439F42AA39DCDE1075DEFAC8A6029DC6
                                                                                                                                                                                                                SHA-256:A072631CD1757D5147B5E403D6A96EF94217568D1DC1AE5C67A1892FBF61409E
                                                                                                                                                                                                                SHA-512:33BE8B3733380C3ADFE5D2844819C754FB11FCBC7AA75DA8FBB4D6CEF938E7D3267FBD215B9666DCFA5795D54484360A61DAF193BC75B57C252D44E5F9F0D855
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                Entropy (8bit):5.061520684813544
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:cdF/1nb2mhQtkXn0t/WS60YYDEbqvdvGyv9lkVcqgYvEMo:e2f6XSZ6XYD5vdvGyv9MgYvEMo
                                                                                                                                                                                                                MD5:E2AB7EECFD020CFDEBA6DD3ADD732EB7
                                                                                                                                                                                                                SHA1:26975087F7AC8001830CAD4151003DBCABF82126
                                                                                                                                                                                                                SHA-256:85BCF0FD811ADE1396E3A93EEEF6BC6B88D5555498BA09C164FAA3092DACDEFF
                                                                                                                                                                                                                SHA-512:EB45126A07128E0FA8DC2B687F833BA95BB8703D7BC06E5C34F828EAEF062CFCA56D8A51A73B20DFA771595F6C6D830B659B5C0EB62467C61E95C97C4A73398D
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                Entropy (8bit):5.236611028290556
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:osiHXqpoUol3xZhRyQX5lDnRDFFav+tcqgRvE:K6D+XBDfDgRvE
                                                                                                                                                                                                                MD5:7FA5B1642D52FABFE1D3EBD1080056D4
                                                                                                                                                                                                                SHA1:56B9E87D613EE9A8B6B71A93ED5FA1603886139A
                                                                                                                                                                                                                SHA-256:88C7EC96B9E1D168005B3A8727AAA7F76B4B2985083ED7A9FB0A2AB02446E963
                                                                                                                                                                                                                SHA-512:9E0BF47060A2B7AC8FFD2CB8B845D44013C068BFE74926A67496D79BCB513506625BDA1DDF18ECE7777D1379F036506F19457D0A43FA618A8F75664C47798E64
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                                Entropy (8bit):6.558039926510444
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Dz5P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuTLg46:DzdqWB7YJlmLJ3oD/S4j990th9VTsC
                                                                                                                                                                                                                MD5:E63FC8375E1D8C47FBB84733F38A9552
                                                                                                                                                                                                                SHA1:995C32515AA183DA58F970CEDC6667FAE166615A
                                                                                                                                                                                                                SHA-256:F47F9C559A9C642DA443896B5CD24DE74FED713BDF6A9CD0D20F5217E4124540
                                                                                                                                                                                                                SHA-512:4213189F619E7AA71934033CABA401FE93801B334BA8D8EAFEDA89F19B13224C516E4BB4F4F93F6AE2C21CD8F5586D3FFAC3D16CB1242183B9302A1F408F6F6A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                                Entropy (8bit):5.285246086368036
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:jJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4mqccqgwYUMvEW:ZkRwi3wO26Ef+yuIm9PfDewgwYUMvE
                                                                                                                                                                                                                MD5:A914F3D22DA22F099CB0FBFBBB75DDBF
                                                                                                                                                                                                                SHA1:2834AEB657CA301D722D6D4D1672239C83BE97E3
                                                                                                                                                                                                                SHA-256:4B4DBF841EC939EF9CC4B4F1B1BA436941A3F2AF2F4E34F82C568DFC09BA0358
                                                                                                                                                                                                                SHA-512:15BF5FCE53FB2C524054D02C2E48E3DDC4EAC0C1F73325D58B04DFE17259C208FFAC0A7C634FBC2CF1A08E7F28C1FD456061BA0838F4316EB37514E1E8D4C95F
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):5.505232918566824
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:9d9VkyQ5f8vjVaCHpKpTTjaNe7oca2DWZQ2dhmdcqgwNeecBih:rkP5cjIGpKlqD2DakzgwNeE
                                                                                                                                                                                                                MD5:9F1A2A9D731E7755EE93C82C91FA5FE2
                                                                                                                                                                                                                SHA1:41085FBE84E1B98A795871033034FA1F186274EF
                                                                                                                                                                                                                SHA-256:17F3EAF463868B015583BD611BE5251E36AAB616522FF4072011B3D72F6F552F
                                                                                                                                                                                                                SHA-512:7E29D4729837D87AEF34CFA7B1F86DFBB81907CD11FC575C4ED1B8A956409492315BFA76ADE4D7C51E51E37E5D098A7F4FEE4C58D86D0E6245A4AA0D392D488A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20992
                                                                                                                                                                                                                Entropy (8bit):6.061115794354147
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:pUv5cJMOZA0nmwBD+XpJgLa0Mp8QHg4P2llyM:GK1XBD+DgLa1gTi
                                                                                                                                                                                                                MD5:883DE82B3B17F95735F579E78A19D509
                                                                                                                                                                                                                SHA1:3EC7259ACA3730B2A6F4E1CA5121DB4AB41C619E
                                                                                                                                                                                                                SHA-256:67FF6C8BBDC9E33B027D53A26DF39BA2A2AD630ACCE1BAC0B0583CA31ADF914F
                                                                                                                                                                                                                SHA-512:602915EAA0933F5D1A26ECC1C32A8367D329B12794CBF2E435B1704E548858E64710AB52BC6FC14FC98DF0B8EEBDE2B32A35BCF935079CC8E2412C07DF5303FD
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25088
                                                                                                                                                                                                                Entropy (8bit):6.475398255636883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Zc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy7IYgLWi:q6H1TZXX5XmrXA+NNxWi0dLWi
                                                                                                                                                                                                                MD5:0AC22DA9F0B2F84DE9D2B50D457020C1
                                                                                                                                                                                                                SHA1:682E316AE958121D0E704CAB0F78CCAD42C77573
                                                                                                                                                                                                                SHA-256:480C79C713AD15328E9EB9F064B90BCDCB5AAD149236679F97B61218F6D2D200
                                                                                                                                                                                                                SHA-512:11C04D55C5E73583D658E0918BD5A37C7585837A6E0F3C78AEF10A5D7A5C848B0620028177A9D9B0AD5DB882B2A26624F92BEFC9BC8F8A23C002723E50DD80A5
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):4.839420412830416
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:CF/1nb2mhQtkr+juOxKbDbRHcqgYvEkrK:42f6iuOsbDXgYvEmK
                                                                                                                                                                                                                MD5:6840F030DF557B08363C3E96F5DF3387
                                                                                                                                                                                                                SHA1:793A8BA0A7BDB5B7E510FC9A9DDE62B795F369AE
                                                                                                                                                                                                                SHA-256:B7160ED222D56925E5B2E247F0070D5D997701E8E239EC7F80BCE21D14FA5816
                                                                                                                                                                                                                SHA-512:EDF5A4D5A3BFB82CC140CE6CE6E9DF3C8ED495603DCF9C0D754F92F265F2DCE6A83F244E0087309B42930D040BF55E66F34504DC1C482A274AD8262AA37D1467
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                Entropy (8bit):4.905258571193623
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:fRgPX8lvI+KnwSDTPUDEnKWPXcqgzQkvEd:4og9rUD/mpgzQkvE
                                                                                                                                                                                                                MD5:7256877DD2B76D8C6D6910808222ACD8
                                                                                                                                                                                                                SHA1:C6468DB06C4243CE398BEB83422858B3FED76E99
                                                                                                                                                                                                                SHA-256:DBF703293CFF0446DFD15BBAEDA52FB044F56A353DDA3BECA9AADD8A959C5798
                                                                                                                                                                                                                SHA-512:A14D460D96845984F052A8509E8FC44439B616EEAE46486DF20F21CCAA8CFB1E55F1E4FA2F11A7B6AB0A481DE62636CEF19EB5BEF2591FE83D415D67EB605B8E
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                                Entropy (8bit):5.300728193650235
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:jGYJ1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDr6krRcqgUF6+6vEX:jR01si8XSi3SACqe7tDlDgUUjvE
                                                                                                                                                                                                                MD5:B063D73E5AA501060C303CAFBC72DAD3
                                                                                                                                                                                                                SHA1:8C1CA04A8ED34252EB233C993DDBA17803E0B81E
                                                                                                                                                                                                                SHA-256:98BACA99834DE65FC29EFA930CD9DBA8DA233B4CFDFC4AB792E1871649B2FE5C
                                                                                                                                                                                                                SHA-512:8C9AD249F624BDF52A3C789C32532A51D3CC355646BD725553A738C4491EA483857032FB20C71FD3698D7F68294E3C35816421DFF263D284019A9A4774C3AF05
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.260136375669177
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:9RUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZvZY0JAIg+v:9rHGHfJidIK
                                                                                                                                                                                                                MD5:3AEA5302F7F03EDEFF49D1C119C61693
                                                                                                                                                                                                                SHA1:DBDDE1C10B253744153FC1F47C078AAACCF3F3A6
                                                                                                                                                                                                                SHA-256:E5DDA67D4DF47B7F00FF17BE6541CA80BDB4B60E1F6FD1A7D7F115DDF7683EE5
                                                                                                                                                                                                                SHA-512:DD42C24EDAF7E1B25A51BC8C96447496B3289C612C395CA7BD8BF60A162229C2E0CA0432CDDF1CB2D65D80189DB02BEE42FFD0E7DD9E5FC19278CA3FD593AB2C
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58368
                                                                                                                                                                                                                Entropy (8bit):4.276947153784193
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:98Uqho9weF5/eHkRnYcZiGKdZHDL7idErZ8ZYXGg:9gCneH//idv2
                                                                                                                                                                                                                MD5:BA5BA714AEBFD8130EB6E0983FBAE20B
                                                                                                                                                                                                                SHA1:3309C26A9083EC3AD982DD3D6630FCC16465F251
                                                                                                                                                                                                                SHA-256:861167DFEB390261E538D635EAD213E81C1166D8D85A496774FBF2EBFF5A4332
                                                                                                                                                                                                                SHA-512:309CC3FD8DB62517AE70B404C5ACD01052F10582A17123135CD1A28D3A74AB28F90A8E7ED7D2061A4B6C082F85E98DA822D43986FC99367B288A72BA9F8B5569
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                                Entropy (8bit):4.579354442149926
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:j0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwoYPj15XkcX6gbW6z:pVddiT7pgTctEEI4qXDe11kcqgbW6
                                                                                                                                                                                                                MD5:1C74E15EC55BD8767968024D76705EFC
                                                                                                                                                                                                                SHA1:C590D1384D2207B3AF01A46A5B4F7A2AE6BCAD93
                                                                                                                                                                                                                SHA-256:0E3EC56A1F3C86BE1CAA503E5B89567AA91FD3D6DA5AD4E4DE4098F21270D86B
                                                                                                                                                                                                                SHA-512:E96CA56490FCE7E169CC0AB803975BAA8B5ACB8BBAB5047755AE2EEAE177CD4B852C0620CD77BCFBC81AD18BB749DEC65D243D1925288B628F155E8FACDC3540
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                Entropy (8bit):6.143744403797058
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:7Uv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Qy0gYP2lXCM:UKR8I+K0lDFQgLa1WzU
                                                                                                                                                                                                                MD5:E7826C066423284539BD1F1E99BA0CC6
                                                                                                                                                                                                                SHA1:DA7372EEB180C2E9A6662514A8FA6261E04AC6DC
                                                                                                                                                                                                                SHA-256:0E18B7C2686BB954A8EE310DD5FDB76D00AC078A12D883028BFFC336E8606DA2
                                                                                                                                                                                                                SHA-512:55F8B00B54F3C3E80803D5A3611D5301E29A2C6AF6E2CAA36249AEBA1D4FCC5A068875B34D65106C137F0455F11B20226B48EEF687F5EA73DFEA3C852BF07050
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                                Entropy (8bit):5.353670931504009
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:tPHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8Ng6Vf4A:DPcnB8KSsB34cb+bcOYpMCBDB
                                                                                                                                                                                                                MD5:D5DB7192A65D096433F5F3608E5AD922
                                                                                                                                                                                                                SHA1:22AD6B635226C8F6B94F85E4FBFB6F8C18B613C8
                                                                                                                                                                                                                SHA-256:FAB286E26160820167D427A4AAB14BE4C23883C543E2B0C353F931C89CEA3638
                                                                                                                                                                                                                SHA-512:5503E83D68D144A6D182DCC5E8401DD81C1C98B04B5ED24223C77D94B0D4F2DD1DD05AED94B9D619D30D2FE73DFFA6E710664FFC71B8FA53E735F968B718B1D9
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):4.741875402338703
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:sCF/1nb2mhQtkgU7L9D0E7tfcqgYvEJPb:N2f6L9D5JxgYvEJj
                                                                                                                                                                                                                MD5:134F891DE4188C2428A2081E10E675F0
                                                                                                                                                                                                                SHA1:22CB9B0FA0D1028851B8D28DAFD988D25E94D2FD
                                                                                                                                                                                                                SHA-256:F326AA2A582B773F4DF796035EC9BF69EC1AD11897C7D0ECFAB970D33310D6BA
                                                                                                                                                                                                                SHA-512:43CE8AF33630FD907018C62F100BE502565BAD712AD452A327AE166BD305735799877E14BE7A46D243D834F3F884ABF6286088E30533050ED9CD05D23AACAEAB
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                                Entropy (8bit):5.213290591994899
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:oF/1nb2mhQtkRySMfJ2ycxFzShJD9dAal2QDeJKcqgQx2QY:C2fKRQB2j8JD4fJagQx2QY
                                                                                                                                                                                                                MD5:7D6979D69CD34652D5A3A197300AB65C
                                                                                                                                                                                                                SHA1:E9C7EF62B7042B3BAC75B002851C41EFEEE343CE
                                                                                                                                                                                                                SHA-256:2365B7C2AF8BBAC3844B7BEF47D5C49C234A159234A153515EB0634EEC0557CC
                                                                                                                                                                                                                SHA-512:CBDBE0DF4F6CB6796D54969B0EEF06C0CDA86FF34A2B127BF0272C819FB224D6E5393D5C9B31E53A24EAC9A3A1AEA6E0854A8D7911CF7C4C99292C931B8B05DF
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                                Entropy (8bit):5.181893965844124
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:cF/1nb2mhQt7fSOp/CJPvADQoKtxSOvbcqgEvcM+:22fNKOZWPIDMxVlgEvL
                                                                                                                                                                                                                MD5:C3BA97B2D8FFFDB05F514807C48CABB2
                                                                                                                                                                                                                SHA1:7BC7FBDE6A372E5813491BBD538FD49C0A1B7C26
                                                                                                                                                                                                                SHA-256:4F78E61B376151CA2D0856D2E59976670F5145FBABAB1EEC9B2A3B5BEBB4EEF6
                                                                                                                                                                                                                SHA-512:57C1A62D956D8C6834B7BA81C2D125A40BF466E833922AE3759CF2C1017F8CAF29F4502A5A0BCBC95D74639D86BAF20F0335A45F961CFCAC39B4ED81E318F4EB
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                                Entropy (8bit):5.1399121410532445
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:HsiHXqpo0cUp8XnUp8XjEQnlDtTI6rcqgcx2:J6DcUp8XUp8AclDy69gcx2
                                                                                                                                                                                                                MD5:BB4CF5E97D4031B47CC7B7DAEDA005DD
                                                                                                                                                                                                                SHA1:4F596DCE9A8546AE22BA8851B22FCE62C2C69973
                                                                                                                                                                                                                SHA-256:325512FF7E0261AF1DA4760C5A8BB8BA7BA8C532F0068D770621CD2CC89E04C6
                                                                                                                                                                                                                SHA-512:93088745BA922918A8EBC20C7043DA4C3C639245547BE665D15625B7F808EC0BF120841ACEEFCE71134921EF8379821769DE35D32CCCC55E6B391C57C7F4D971
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                                Entropy (8bit):5.204576067987685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:JsiHXqpwUiv6wPf+4WVrd1DFrXqwWwcqgfvE:36biio2Pd1DFrlgfvE
                                                                                                                                                                                                                MD5:D2131380B7760D5BC3C2E1772C747830
                                                                                                                                                                                                                SHA1:DA5838E1C6DF5EC45AC0963E98761E9188A064D0
                                                                                                                                                                                                                SHA-256:6DB786B30F6682CD699E22D0B06B873071DCC569557B6EB6EC1416689C0890FE
                                                                                                                                                                                                                SHA-512:594939FB1D9154E15106D4B4AA9EF51A6AE5062D471ED7C0779A8E3D84D8F4B1481529015E0926A3489119DA37BE6CFE70C70ED695A6E84F6AF8F65402F6AAB5
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                                Entropy (8bit):5.4787123381499825
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:3Z9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZuRsP0rcqgjPrvE:SQ0gH7zSccA5J6ECTGmDMa89gjPrvE
                                                                                                                                                                                                                MD5:CAF687A7786892939FFF5D5B6730E069
                                                                                                                                                                                                                SHA1:96C2567A770E12C15903767A85ABF8AF57FE6D6A
                                                                                                                                                                                                                SHA-256:9001E0C50D77823D64C1891F12E02E77866B9EDE783CEF52ED4D01A32204781B
                                                                                                                                                                                                                SHA-512:0B3C9E5C1F7EF52E615D9E1E6F7D91324BAB7C97FFAFB6DBAEB229CF1B86420A3534493C34DD9FAEB4BBC3612F245248ABA34393311C31500D827538DFE24BC5
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18432
                                                                                                                                                                                                                Entropy (8bit):5.69653684522693
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:pkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+D0ngkov:2nx7RI26LuuHKz8+D5N
                                                                                                                                                                                                                MD5:9762DBF0527A46F21852CA5303E245C3
                                                                                                                                                                                                                SHA1:33333912F16BB755B0631D8308D94DA2D7589127
                                                                                                                                                                                                                SHA-256:0DF91D69B8D585D2660168125E407E3CB3D87F338B3628E5E0C2BF49C9D20DB8
                                                                                                                                                                                                                SHA-512:52687C38939710C90A8C97F2C465AF8CF0309E3939255427B88BC461E27FADA79B0CB31F8BD215F72B610CAC093934C066141B9298353F04CC067C4E68B31DF0
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19456
                                                                                                                                                                                                                Entropy (8bit):5.798411671336839
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:cPHNP3MjevhSY/8EBbVxcJ0ihTLdFDUPHgj+kf4D:mPcKvr/jUJ0sbDoAj+t
                                                                                                                                                                                                                MD5:74DAAAB71F93BCE184D507A45A88985C
                                                                                                                                                                                                                SHA1:3D09D69E94548EC6975177B482B68F86EDA32BB8
                                                                                                                                                                                                                SHA-256:E781D6DAF2BAAA2C1A45BD1CDDB21BA491442D49A03255C1E367F246F17E13BF
                                                                                                                                                                                                                SHA-512:870EC2752304F12F2F91BE688A34812AC1C75D444A0107284E3C45987639D8D07116EB98DB76931F9C8487666E1B2C163FC5743BBFC5A72F20F040670CDEB509
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                Entropy (8bit):5.86552932624144
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:V1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOhwgjxo:XjwyJUYToZwOLuzDNU1j
                                                                                                                                                                                                                MD5:92587A131875FF7DC137AA6195B8BD81
                                                                                                                                                                                                                SHA1:2BA642DDC869AB329893795704BFE3F23C7B6ECB
                                                                                                                                                                                                                SHA-256:D2A9484134A65EFF74F0BDA9BB94E19C4964B6C323667D68B4F45BB8A7D499FC
                                                                                                                                                                                                                SHA-512:62823A0168B415045A093ACC67E98B5E33908380860B04AA0568B04F39DE957DA30F929459C766DC9782EFC3143DCD2F4950E3876669E680B6910C213300B565
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                                Entropy (8bit):5.867427817795374
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:b1jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNWegjxo:ZjwyJOYToZwOLuzDNW7j
                                                                                                                                                                                                                MD5:B4E18C9A88A241FD5136FAF33FB9C96A
                                                                                                                                                                                                                SHA1:077AF274AA0336880391E2F38C873A72BFC1DE3B
                                                                                                                                                                                                                SHA-256:E50DB07E18CB84827B0D55C7183CF580FB809673BCAFBCEF60E83B4899F3AA74
                                                                                                                                                                                                                SHA-512:81A059115627025A7BBF8743B48031619C13A513446B0D035AA25037E03B6A544E013CAAEB139B1BE9BA7D0D8CF28A5E7D4CD1B8E17948830E75BDFBD6AF1653
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27136
                                                                                                                                                                                                                Entropy (8bit):5.860145427724178
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:TFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDFfgjVx2:xDLh98jjRe+1WT1aAeIfMzxH2mDDqj
                                                                                                                                                                                                                MD5:34A0AD8A0EB6AC1E86DC8629944448ED
                                                                                                                                                                                                                SHA1:EF54E4C92C123BE341567A0ACC17E4CEE7B9F7A8
                                                                                                                                                                                                                SHA-256:03E93C2DCC19C3A0CDD4E8EFCDE90C97F6A819DFECF1C96495FDC7A0735FAA97
                                                                                                                                                                                                                SHA-512:A38EDE4B46DC9EFA80DFB6E019379809DF78A671F782660CD778427482B0F5987FA80A42C26FB367604BAFCD4FD21ABD1C833DAF2D4AEA3A43877F54D6906E21
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27136
                                                                                                                                                                                                                Entropy (8bit):5.916758045478156
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:LFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXCElrgjhig:5YLB9Mgj0e+1WT1aAeIfMzx320DXR+j
                                                                                                                                                                                                                MD5:F028511CD5F2F925FD5A979152466CB4
                                                                                                                                                                                                                SHA1:38B8B44089B390E1F3AA952C950BDBE2CB69FBA5
                                                                                                                                                                                                                SHA-256:0FB591416CC9520C6D9C398E1EDF4B7DA412F80114F80628F84E9D4D37A64F69
                                                                                                                                                                                                                SHA-512:97C06A4DCEE7F05268D0A47F88424E28B063807FFBD94DABDCC3BF773AD933A549934916EB7339506624E97829AA5DC13321ADE31D528E8424FFDCF8C8407D4F
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                                Entropy (8bit):5.0002940201841
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:Dz/RF/1nb2mhQtk4axusjfkgZhoYDQmRjcqgQvEty:Dz/d2f64axnTTz5DTgQvEty
                                                                                                                                                                                                                MD5:87C1C89CEB6DF9F62A8F384474D27A4A
                                                                                                                                                                                                                SHA1:B0FC912A8DE5D9C18F603CD25AE3642185FFFBDD
                                                                                                                                                                                                                SHA-256:D2256A5F1D3DC6AE38B73EA2DB87735724D29CB400D00D74CF8D012E30903151
                                                                                                                                                                                                                SHA-512:C7DFB9C8E4F4AA984416BC84E829F0BB6CD87829C86BA259EE2A9BAB7C16B15362DB9EC87BF2ACED44A6BED7B1DE03DC9450665D083205B4CD4780DCF480DA01
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                                Entropy (8bit):5.025717576776578
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:FF/1nb2mhQtks0iiNqdF4mtPjD0HA5APYcqgYvEL2x:R2f6fFA/4GjDucgYvEL2x
                                                                                                                                                                                                                MD5:20702216CDA3F967DF5C71FCE8B9B36F
                                                                                                                                                                                                                SHA1:4D9A814EE2941A175BC41F21283899D05831B488
                                                                                                                                                                                                                SHA-256:3F73F9D59EB028B7F17815A088CEB59A66D6784FEEF42F2DA08DD07DF917DD86
                                                                                                                                                                                                                SHA-512:0802CF05DAD26E6C5575BBECB419AF6C66E48ED878F4E18E9CEC4F78D6358D751D41D1F0CCB86770A46510B993B70D2B320675422A6620CE9843E2E42193DCD8
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):5.235441330454107
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:VTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gD/gvrjcqgCieT3WQ:VafgNpj9cHW3jqXeBRamD4ZgCieT
                                                                                                                                                                                                                MD5:F065FFB04F6CB9CDB149F3C66BC00216
                                                                                                                                                                                                                SHA1:B2BC4AF8A3E06255BAB15D1A8CF4A577523B03B6
                                                                                                                                                                                                                SHA-256:E263D7E722EC5200E219D6C7D8B7C1B18F923E103C44A0B5485436F7B778B7BD
                                                                                                                                                                                                                SHA-512:93E583B10D0F2BBB1D5539FF4E943A65BC67F6DFC51E5F991481574F58757F4D49A87022E551069F6FC55D690F7B1412CF5DE7DD9BEE27FB826853CE9ACC2B40
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                                Entropy (8bit):5.133851517560629
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:zZNGXEgvUh43G6coX2SSwmPL4V7wTdDlDaY2cqgWjvE:mVMhuGGF2L4STdDEYWgWjvE
                                                                                                                                                                                                                MD5:213AAEC146F365D950014D7FFF381B06
                                                                                                                                                                                                                SHA1:66FCD49E5B2278CD670367A4AC6704A59AE82B50
                                                                                                                                                                                                                SHA-256:CAF315A9353B2306880A58ECC5A1710BFE3AA35CFEAD7CF0528CAEE4A0629EAD
                                                                                                                                                                                                                SHA-512:0880D7D2B2C936A4B85E6C2A127B3509B76DB4751A3D8A7BB903229CABC8DE7A7F52888D67C886F606E21400DFC51C215D1CF9C976EB558EA70975412840883A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35840
                                                                                                                                                                                                                Entropy (8bit):5.927928056434685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:KbEkzS7+k9rMUb8cOe9rs9ja+V/Mhxh56GS:KbEP779rMtcOCs0I/Mjf
                                                                                                                                                                                                                MD5:732938D696EB507AF4C37795A4F9FCEA
                                                                                                                                                                                                                SHA1:FD585EA8779C305ADBE3574BE95CFD06C9BBD01C
                                                                                                                                                                                                                SHA-256:1383269169AB4D2312C52BF944BD5BB80A36D378FD634D7C1B8C3E1FFC0F0A8C
                                                                                                                                                                                                                SHA-512:E4EBC5470F3D05D79B65BC2752A7FF40F5525CD0813BDDECCB1042EE2286B733EE172383186E89361A49CBE0B4B14F8B2CBC0F32E475101385C634120BB36676
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):4.799297116284292
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:UkCfXASTMeAk4OepIXcADpOX6RcqgO5vE:+JMcPepIXcADq63gO5vE
                                                                                                                                                                                                                MD5:9E7B28D6AB7280BBB386C93EF490A7C1
                                                                                                                                                                                                                SHA1:B088F65F3F6E2B7D07DDBE86C991CCD33535EF09
                                                                                                                                                                                                                SHA-256:F84667B64D9BE1BCC6A91650ABCEE53ADF1634C02A8A4A8A72D8A772432C31E4
                                                                                                                                                                                                                SHA-512:16A6510B403BF7D9ED76A654D8C7E6A0C489B5D856C231D12296C9746AC51CD372CC60CA2B710606613F7BC056A588C54EA24F9C0DA3020BBEA43E43CEEB9CA4
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):754688
                                                                                                                                                                                                                Entropy (8bit):7.6249603206444005
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:l1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6hM:XYmzHoxJFf1p34hcrn5Go9yQO6q
                                                                                                                                                                                                                MD5:102898D47B45548E7F7E5ECC1D2D1FAA
                                                                                                                                                                                                                SHA1:DDAE3A3BDD8B83AF42126245F6CB24DC2202BC04
                                                                                                                                                                                                                SHA-256:C9BF3CF5707793C6026BFF68F2681FAAD29E953ED891156163CD0B44A3628A92
                                                                                                                                                                                                                SHA-512:85A42FC08C91AFF50A9FF196D6FE8ABD99124557341B9809B62A639957B166C2A7EFEA0A042BE2D753464DF5908DF4F5FE01A91C239B744CD44A70B79EF81048
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27648
                                                                                                                                                                                                                Entropy (8bit):5.792776923715812
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:mBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsla15gkbQ0e1:cL/g28Ufsxg9GmvPauYLxtX1D8kf
                                                                                                                                                                                                                MD5:717DA232A3A9F0B94AF936B30B59D739
                                                                                                                                                                                                                SHA1:F1B3676E708696585FBCB742B863C5BB913D923F
                                                                                                                                                                                                                SHA-256:B3FD73D54079903C0BE39BA605ED9BB58ECD1D683CCB8821D0C0CC795165B0C6
                                                                                                                                                                                                                SHA-512:7AF46035F9D4A5786ED3CE9F97AC33637C3428EF7183DED2AFD380265FAE6969BB057E3B5D57C990DD083A9DB2A67BEA668D4215E78244D83D7EE7E0A7B40143
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):67072
                                                                                                                                                                                                                Entropy (8bit):6.060435635420756
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:YqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxROpq:YqctkGACFI5t35q2JbgrwwOoqLTM9rMq
                                                                                                                                                                                                                MD5:ADF96805C070920EA90D9AB4D1E35807
                                                                                                                                                                                                                SHA1:D8FA8E29D9CDCD678DC03DA527EAF2F0C3BEF21A
                                                                                                                                                                                                                SHA-256:A36B1EDC104136E12EB6F28BD9366D30FFCEC0434684DC139314723E9C549FB7
                                                                                                                                                                                                                SHA-512:FB67C1F86CF46A63DF210061D16418589CD0341A6AA75AB49F24F99AD3CFF874BB02664706B9E2C81B7EF7300AF5BB806C412B4F069D22B72F7D9EBFFF66FE61
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                                Entropy (8bit):4.488514144301916
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:IpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADBhDTAbcX6gn/7EC:uVddiT7pgTctdErDDDTicqgn/7
                                                                                                                                                                                                                MD5:148E1600E9CBAF6702D62D023CAC60BC
                                                                                                                                                                                                                SHA1:4CDD8445408C4165B6E029B9966C71BC45E634A2
                                                                                                                                                                                                                SHA-256:1461AAFD4B9DC270128C89C3EB5358794C77693BB943DC7FC42AA3BB0FC52B16
                                                                                                                                                                                                                SHA-512:53155DA3FD754AF0BC30E2A51F0B579B8A83A772025CE0B4AFD01A31B8A40F46533FDA9CC3D0D32E9480DBBD7DD4A28F9DAAC11A370B0435E5E74666ACF9181C
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                Entropy (8bit):4.731194408014124
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:lJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGybMZYJWJcX6gbW6s:JVddiT7pgTctEEaEDKDuMCWJcqgbW6
                                                                                                                                                                                                                MD5:1547F8CB860AB6EA92B85D4C1B0209A1
                                                                                                                                                                                                                SHA1:C5AE217DEE073AC3D23C3BF72EE26D4C7515BD88
                                                                                                                                                                                                                SHA-256:1D2F3E627551753E58ED9A85F8D23716F03B51D8FB5394C4108EB1DC90DC9185
                                                                                                                                                                                                                SHA-512:40F0B46EE837E4568089D37709EF543A987411A17BDBAE93D8BA9F87804FB34DCA459A797629F34A5B3789B4D89BD46371AC4F00DDFE5D6B521DEA8DC2375115
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                Entropy (8bit):4.686131723746002
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:EiZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DmWMoG4BcX6gbW6O:HVddiT7pgTctEEO3DcoHcqgbW6
                                                                                                                                                                                                                MD5:16F42DE194AAEFB2E3CDEE7FA63D2401
                                                                                                                                                                                                                SHA1:BE2AB72A90E0342457A9D13BE5B6B1984875EDEA
                                                                                                                                                                                                                SHA-256:61E23970B6CED494E11DC9DE9CB889C70B7FF7A5AFE5242BA8B29AA3DA7BC60E
                                                                                                                                                                                                                SHA-512:A671EA77BC8CA75AEDB26B73293B51B780E26D6B8046FE1B85AE12BC9CC8F1D2062F74DE79040AD44D259172F99781C7E774FE40768DC0A328BD82A48BF81489
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):119192
                                                                                                                                                                                                                Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):49528
                                                                                                                                                                                                                Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):71448
                                                                                                                                                                                                                Entropy (8bit):6.263634545843287
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:VoxWFyB9uENvvAdAkc0TTILNPIasWxtISOno7Sysxg:ViWFyRNv4drc0TTILNPfsgtISOnoN
                                                                                                                                                                                                                MD5:477DBA4D6E059EA3D61FAD7B6A7DA10E
                                                                                                                                                                                                                SHA1:1F23549E60016EEED508A30479886331B22F7A8B
                                                                                                                                                                                                                SHA-256:5BEBEB765AB9EF045BC5515166360D6F53890D3AD6FC360C20222D61841410B6
                                                                                                                                                                                                                SHA-512:8119362C2793A4C5DA25A63CA68AA3B144DB7E4C08C80CBE8C8E7E8A875F1BD0C30E497208CE20961DDB38D3363D164B6E1651D3E030ED7B8EE5F386FAF809D2
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):85272
                                                                                                                                                                                                                Entropy (8bit):6.593462846910602
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:i2sz7yc51BVo1QX/FPI11IK1cDm015ssO687sjkD1ISCV087Syyxt+:dsz2c5eQXB4am05spd7MkD1ISCVzL
                                                                                                                                                                                                                MD5:5BEBC32957922FE20E927D5C4637F100
                                                                                                                                                                                                                SHA1:A94EA93EE3C3D154F4F90B5C2FE072CC273376B3
                                                                                                                                                                                                                SHA-256:3ED0E5058D370FB14AA5469D81F96C5685559C054917C7280DD4125F21D25F62
                                                                                                                                                                                                                SHA-512:AFBE80A73EE9BD63D9FFA4628273019400A75F75454667440F43BEB253091584BF9128CBB78AE7B659CE67A5FAEFDBA726EDB37987A4FE92F082D009D523D5D6
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):182784
                                                                                                                                                                                                                Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125208
                                                                                                                                                                                                                Entropy (8bit):6.137610144878813
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:CXw32spTVYgFoj6N2xE9sb7VFf/EkZBq5syCtYPU9pISLPTj:CgGEOgFoj68ksTf/ENs7
                                                                                                                                                                                                                MD5:FB454C5E74582A805BC5E9F3DA8EDC7B
                                                                                                                                                                                                                SHA1:782C3FA39393112275120EAF62FC6579C36B5CF8
                                                                                                                                                                                                                SHA-256:74E0E8384F6C2503215F4CF64C92EFE7257F1AEC44F72D67AD37DC8BA2530BC1
                                                                                                                                                                                                                SHA-512:727ADA80098F07849102C76B484E9A61FB0F7DA328C0276D82C6EE08213682C89DEEB8459139A3FBD7F561BFFACA91650A429E1B3A1FF8F341CEBDF0BFA9B65D
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):257304
                                                                                                                                                                                                                Entropy (8bit):6.565489271518002
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:vnXBJvhy8AJOMg4hmRWw710z4ez9qWM53pLW1AW/ZJJJWtCk1mGc:ByJJOMiRW+10EHFpNc
                                                                                                                                                                                                                MD5:492C0C36D8ED1B6CA2117869A09214DA
                                                                                                                                                                                                                SHA1:B741CAE3E2C9954E726890292FA35034509EF0F6
                                                                                                                                                                                                                SHA-256:B8221D1C9E2C892DD6227A6042D1E49200CD5CB82ADBD998E4A77F4EE0E9ABF1
                                                                                                                                                                                                                SHA-512:B8F1C64AD94DB0252D96082E73A8632412D1D73FB8095541EE423DF6F00BC417A2B42C76F15D7E014E27BAAE0EF50311C3F768B1560DB005A522373F442E4BE0
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):66328
                                                                                                                                                                                                                Entropy (8bit):6.2279606895285875
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:JgHpgE4Z27b4ZWZnEmIAtISOIx7SyZUxN:i14ZeEmIAtISOIx7+
                                                                                                                                                                                                                MD5:DA02CEFD8151ECB83F697E3BD5280775
                                                                                                                                                                                                                SHA1:1C5D0437EB7E87842FDE55241A5F0CA7F0FC25E7
                                                                                                                                                                                                                SHA-256:FD77A5756A17EC0788989F73222B0E7334DD4494B8C8647B43FE554CF3CFB354
                                                                                                                                                                                                                SHA-512:A13BC5C481730F48808905F872D92CB8729CC52CFB4D5345153CE361E7D6586603A58B964A1EBFD77DD6222B074E5DCCA176EAAEFECC39F75496B1F8387A2283
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):160024
                                                                                                                                                                                                                Entropy (8bit):6.854257867628366
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:Bsvkxuqgo7e2uONqG+hi+CSznfF9mNopXnmnu1ISZ1Vk:BnuFo7Jg1NYOp2uO
                                                                                                                                                                                                                MD5:195DEFE58A7549117E06A57029079702
                                                                                                                                                                                                                SHA1:3795B02803CA37F399D8883D30C0AA38AD77B5F2
                                                                                                                                                                                                                SHA-256:7BF9FF61BABEBD90C499A8ED9B62141F947F90D87E0BBD41A12E99D20E06954A
                                                                                                                                                                                                                SHA-512:C47A9B1066DD9744C51ED80215BD9645AAB6CC9D6A3F9DF99F618E3DD784F6C7CE6F53EABE222CF134EE649250834193D5973E6E88F8A93151886537C62E2E2B
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35608
                                                                                                                                                                                                                Entropy (8bit):6.433019537037269
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:W1Rp7eiajKCQnAxQ0zdudISWtl5YiSyvUAMxkEk:CRteiauAxQ0zIdISWtr7SyaxA
                                                                                                                                                                                                                MD5:2BD43E8973882E32C9325EF81898AE62
                                                                                                                                                                                                                SHA1:1E47B0420A2A1C1D910897A96440F1AEEF5FA383
                                                                                                                                                                                                                SHA-256:3C34031B464E7881D8F9D182F7387A86B883581FD020280EC56C1E3EC6F4CC2D
                                                                                                                                                                                                                SHA-512:9D51BBD25C836F4F5D1FB9B42853476E13576126B8B521851948BDF08D53B8D4B4F66D2C8071843B01AA5631ABDF13DC53C708DBA195656A30F262DCE30A88CA
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):56088
                                                                                                                                                                                                                Entropy (8bit):6.330310041403635
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Zinr44gaZPXxCJ/+yZdDDrhISXtl7SyVxy:ZXJ/+yZdDDrhISXtlM
                                                                                                                                                                                                                MD5:7E4553CA5C269E102EB205585CC3F6B4
                                                                                                                                                                                                                SHA1:73A60DBC7478877689C96C37107E66B574BA59C9
                                                                                                                                                                                                                SHA-256:D5F89859609371393D379B5FFD98E5B552078050E8B02A8E2900FA9B4EE8FF91
                                                                                                                                                                                                                SHA-512:65B72BC603E633596D359089C260EE3D8093727C4781BFF1EC0B81C8244AF68F69FF3141424C5DE12355C668AE3366B4385A0DB7455486C536A13529C47B54EF
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32536
                                                                                                                                                                                                                Entropy (8bit):6.5090721419869135
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:xOz+R6rbVKMoNpISQUA5YiSyv86lAMxkEzc:xjgbVJoNpISQUS7SyU6dxPc
                                                                                                                                                                                                                MD5:B7E5FBD7EF3EEFFF8F502290C0E2B259
                                                                                                                                                                                                                SHA1:9DECBA47B1CDB0D511B58C3146D81644E56E3611
                                                                                                                                                                                                                SHA-256:DBDABB5FE0CCBC8B951A2C6EC033551836B072CAB756AAA56B6F22730080D173
                                                                                                                                                                                                                SHA-512:B7568B9DF191347D1A8D305BD8DDD27CBFA064121C785FA2E6AFEF89EC330B60CAFC366BE2B22409D15C9434F5E46E36C5CBFB10783523FDCAC82C30360D36F7
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):83736
                                                                                                                                                                                                                Entropy (8bit):6.32286800032437
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:ldcydNgIznrvGvLfo4o7zfqwXJ9/s+S+pzo08/n1IsJhv6cpISLwV97Sy7UxV:l6ydrr+DgxjqwXJ9/sT+pzoN1IwhScpf
                                                                                                                                                                                                                MD5:DD8FF2A3946B8E77264E3F0011D27704
                                                                                                                                                                                                                SHA1:A2D84CFC4D6410B80EEA4B25E8EFC08498F78990
                                                                                                                                                                                                                SHA-256:B102522C23DAC2332511EB3502466CAF842D6BCD092FBC276B7B55E9CC01B085
                                                                                                                                                                                                                SHA-512:958224A974A3449BCFB97FAAB70C0A5B594FA130ADC0C83B4E15BDD7AAB366B58D94A4A9016CB662329EA47558645ACD0E0CC6DF54F12A81AC13A6EC0C895CD8
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125208
                                                                                                                                                                                                                Entropy (8bit):6.262119214547602
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:D2dTrLbXVx7Qt+HEG1CO4w5yWrrPrrrrrrbEOyfgD/pWwb8tISOQAZ:qNVxMt7ZC5zrWgbos8S
                                                                                                                                                                                                                MD5:C3A41D98C86CDF7101F8671D6CEBEFDA
                                                                                                                                                                                                                SHA1:A06FCE1AC0AAB9F2FE6047642C90B1DD210FE837
                                                                                                                                                                                                                SHA-256:EE0E9B0A0AF6A98D5E8AD5B9878688D2089F35978756196222B9D45F49168A9D
                                                                                                                                                                                                                SHA-512:C088372AFCFE4D014821B728E106234E556E00E5A6605F616745B93F345F9DA3D8B3F69AF20E94DBADFD19D3AA9991EB3C7466DB5648EA452356AF462203706C
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):178968
                                                                                                                                                                                                                Entropy (8bit):5.9687584339585324
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:AHtmUArl7bOGLbfbmeq2wfq6XDQJsY2GvMe1ba+VRJNI7IM/H9o/PCrXuI51ISCQ:Ym5lfOGLbjBOq6XD4MejTGl
                                                                                                                                                                                                                MD5:C87C5890039C3BDB55A8BC189256315F
                                                                                                                                                                                                                SHA1:84EF3C2678314B7F31246471B3300DA65CB7E9DE
                                                                                                                                                                                                                SHA-256:A5D361707F7A2A2D726B20770E8A6FC25D753BE30BCBCBBB683FFEE7959557C2
                                                                                                                                                                                                                SHA-512:E750DC36AE00249ED6DA1C9D816F1BD7F8BC84DDEA326C0CD0410DBCFB1A945AAC8C130665BFACDCCD1EE2B7AC097C6FF241BFC6CC39017C9D1CDE205F460C44
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):37656
                                                                                                                                                                                                                Entropy (8bit):6.341970590218289
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:9mqQhTcYv/NxO01ISCiO5YiSyvoAMxkEzef:9m7GINxO01ISCik7SyOxvef
                                                                                                                                                                                                                MD5:8A9A59559C614FC2BCEBB50073580C88
                                                                                                                                                                                                                SHA1:4E4CED93F2CB5FE6A33C1484A705E10A31D88C4D
                                                                                                                                                                                                                SHA-256:752FB80EDB51F45D3CC1C046F3B007802432B91AEF400C985640D6B276A67C12
                                                                                                                                                                                                                SHA-512:9B17C81FF89A41307740371CB4C2F5B0CF662392296A7AB8E5A9EBA75224B5D9C36A226DCE92884591636C343B8238C19EF61C1FDF50CC5AA2DA86B1959DB413
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11736
                                                                                                                                                                                                                Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15328
                                                                                                                                                                                                                Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11744
                                                                                                                                                                                                                Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11736
                                                                                                                                                                                                                Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12256
                                                                                                                                                                                                                Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14800
                                                                                                                                                                                                                Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14288
                                                                                                                                                                                                                Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13776
                                                                                                                                                                                                                Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12768
                                                                                                                                                                                                                Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11728
                                                                                                                                                                                                                Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15824
                                                                                                                                                                                                                Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13776
                                                                                                                                                                                                                Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20944
                                                                                                                                                                                                                Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12752
                                                                                                                                                                                                                Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16336
                                                                                                                                                                                                                Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17872
                                                                                                                                                                                                                Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                                                                                MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                                                                                SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                                                                                SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                                                                                SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18384
                                                                                                                                                                                                                Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                                                                                MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                                                                                SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                                                                                SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                                                                                SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14288
                                                                                                                                                                                                                Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                                                                                MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                                                                                SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                                                                                SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                                                                                SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12240
                                                                                                                                                                                                                Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                                                                                MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                                                                                SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                                                                                SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                                                                                SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1334069
                                                                                                                                                                                                                Entropy (8bit):5.58784984725534
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:NttcY+bS4OmE1jc+fYNXPh26UZWAzLX7jOIqL3QtltIrdmoP0Hz1dc+4/BaYcUi:NttcY+NHSPL/eMKrdmoPuzFcaYcUi
                                                                                                                                                                                                                MD5:55DF3C98D18EC80BC37A6682BA0ABCBB
                                                                                                                                                                                                                SHA1:E3BF60CFECFEE2473D4E0B07057AF3C27AFA6567
                                                                                                                                                                                                                SHA-256:D8DE678C0AC0CECB7BE261BDA75511C47E6A565F0C6260EACF240C7C5039753B
                                                                                                                                                                                                                SHA-512:26368C9187155EE83C450BFC792938A2908C473BA60330CE95BCC3F780390043879BBFF3949BD4A25B38343EAC3C5C9BA709267959109C9C99A229809C97F3BD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):275233
                                                                                                                                                                                                                Entropy (8bit):6.04917730761317
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d8N:QWN/TRLNLWCRrI55MWavdA
                                                                                                                                                                                                                MD5:59A15F9A93DCDAA5BFCA246B84FA936A
                                                                                                                                                                                                                SHA1:7F295EA74FC7ED0AF0E92BE08071FB0B76C8509E
                                                                                                                                                                                                                SHA-256:2C11C3CE08FFC40D390319C72BC10D4F908E9C634494D65ED2CBC550731FD524
                                                                                                                                                                                                                SHA-512:746157A0FCEDC67120C2A194A759FA8D8E1F84837E740F379566F260E41AA96B8D4EA18E967E3D1AA1D65D5DE30453446D8A8C37C636C08C6A3741387483A7D7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):197
                                                                                                                                                                                                                Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11360
                                                                                                                                                                                                                Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1532
                                                                                                                                                                                                                Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5430
                                                                                                                                                                                                                Entropy (8bit):5.111666659056883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:Dx2pqZink/QIHQIyzQIZQILuQIR8vtklGovuxNx6rIWwCvCCcT+vIrrr9B+M6VwP:4JnkoBs/stL18cT+vIrrxsM6VwDjyeyM
                                                                                                                                                                                                                MD5:07E3EEA441A0E6F99247D353BD664EA1
                                                                                                                                                                                                                SHA1:99C8F9C2DD2D02BE18D50551ED4488325906C769
                                                                                                                                                                                                                SHA-256:04FE672BF2AA70FF8E6B959DEFE7D676DCDFD34EE9062030BA352A40DB5E2D37
                                                                                                                                                                                                                SHA-512:24F458C831F7A459D12E0217F4BD57F82A034FEC9EA154CAC303200E241A52838A1962612C5AAFF5CD837F668FDC810606624DCA901F4274973F84A9ADBA8D66
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Metadata-Version: 2.1..Name: cryptography..Version: 42.0.8..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15231
                                                                                                                                                                                                                Entropy (8bit):5.558037657926043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:eUXz6cZmsPNPbCsxo6vZ6s7B0Ppz+9wvny:eUj6cZmsPNPnZ
                                                                                                                                                                                                                MD5:38EBB9F8A9A063653EFD1E91080A8F55
                                                                                                                                                                                                                SHA1:9F2D5A66DBA4703887E2D7B9B5690CE4623304C0
                                                                                                                                                                                                                SHA-256:9665E12AA4C56A3CD60D6B57917105E996C0AA08557667076A44C481EECF33C7
                                                                                                                                                                                                                SHA-512:11E8672E31F39D7C8D09C680DA4B4C07F1F57C4E686609819ECAC2E1BF7989FAECCB7BF04382079B1723DE44E7BB77F7C837C368410564907D93C7FFA3A30836
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:cryptography-42.0.8.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-42.0.8.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-42.0.8.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-42.0.8.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-42.0.8.dist-info/METADATA,sha256=BP5nK_KqcP-Oa5Wd7-fWdtzf007pBiAwujUqQNteLTc,5430..cryptography-42.0.8.dist-info/RECORD,,..cryptography-42.0.8.dist-info/WHEEL,sha256=ZzJfItdlTwUbeh2SvWRPbrqgDfW_djikghnwfRmqFIQ,100..cryptography-42.0.8.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=ugkzP6GZzVCOhwUvdLskgcf4kS7b7o-gvba32agVp94,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312.pyc,,..cryptography/
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):100
                                                                                                                                                                                                                Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKciH/KQLn:RtBMwlVCxWKTQLn
                                                                                                                                                                                                                MD5:C48772FF6F9F408D7160FE9537E150E0
                                                                                                                                                                                                                SHA1:79D4978B413F7051C3721164812885381DE2FDF5
                                                                                                                                                                                                                SHA-256:67325F22D7654F051B7A1D92BD644F6EBAA00DF5BF7638A48219F07D19AA1484
                                                                                                                                                                                                                SHA-512:A817107D9F70177EA9CA6A370A2A0CB795346C9025388808402797F33144C1BAF7E3DE6406FF9E3D8A3486BDFAA630B90B63935925A36302AB19E4C78179674F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:cryptography.
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7227392
                                                                                                                                                                                                                Entropy (8bit):6.563567185000009
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:L7vWIDI8B92Fbq5Vv1Q3rBIU6ikGtlqQVwASOGRw8beAOmnDvghmCoADPDMBMXLq:pi2++POmnDIrPDMyGnTLQmD/
                                                                                                                                                                                                                MD5:F918173FBDC6E75C93F64784F2C17050
                                                                                                                                                                                                                SHA1:163EF51D4338B01C3BC03D6729F8E90AE39D8F04
                                                                                                                                                                                                                SHA-256:2C7A31DEC06DF4EEC6B068A0B4B009C8F52EF34ACE785C8B584408CB29CE28FD
                                                                                                                                                                                                                SHA-512:5405D5995E97805E68E91E1F191DC5E7910A7F2BA31619EB64AFF54877CBD1B3FA08B7A24B411D095EDB21877956976777409D3DB58D29DA32219BF578CE4EF2
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5191960
                                                                                                                                                                                                                Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39696
                                                                                                                                                                                                                Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):787224
                                                                                                                                                                                                                Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):202008
                                                                                                                                                                                                                Entropy (8bit):6.368795678805223
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:Znguk4rd6FjFMww6c+K+7X5icE878J0JhivihkzOv/:PrrYivi9v/
                                                                                                                                                                                                                MD5:958231414CC697B3C59A491CC79404A7
                                                                                                                                                                                                                SHA1:3DEC86B90543EA439E145D7426A91A7ACA1EAAB6
                                                                                                                                                                                                                SHA-256:EFD6099B1A6EFDADD988D08DCE0D8A34BD838106238250BCCD201DC7DCD9387F
                                                                                                                                                                                                                SHA-512:FD29D0AAB59485340B68DC4552B9E059FFB705D4A64FF9963E1EE8A69D9D96593848D07BE70528D1BEB02BBBBD69793EE3EA764E43B33879F5C304D8A912C3BE
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):68376
                                                                                                                                                                                                                Entropy (8bit):6.150066249409429
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:GV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/L:GDmF61JFn+/OxpISL0v7Syqx0
                                                                                                                                                                                                                MD5:A07661C5FAD97379CF6D00332999D22C
                                                                                                                                                                                                                SHA1:DCA65816A049B3CCE5C4354C3819FEF54C6299B0
                                                                                                                                                                                                                SHA-256:5146005C36455E7EDE4B8ECC0DC6F6FA8EA6B4A99FEDBABC1994AE27DFAB9D1B
                                                                                                                                                                                                                SHA-512:6DDEB9D89CCB4D2EC5D994D85A55E5E2CC7AF745056DAE030AB8D72EE7830F672003F4675B6040F123FC64C19E9B48CABD0DA78101774DAFACF74A88FBD74B4D
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6926616
                                                                                                                                                                                                                Entropy (8bit):5.7675148099570395
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:PPknDqOJlpxSupRo2vXDZ2lgghXQIX2CG4Ts99kdwQAvyodh1GCOepxk1NHh8yfE:kdlpx9p5Loehv6JfDvXHDMiETH+0Tn
                                                                                                                                                                                                                MD5:D521654D889666A0BC753320F071EF60
                                                                                                                                                                                                                SHA1:5FD9B90C5D0527E53C199F94BAD540C1E0985DB6
                                                                                                                                                                                                                SHA-256:21700F0BAD5769A1B61EA408DC0A140FFD0A356A774C6EB0CC70E574B929D2E2
                                                                                                                                                                                                                SHA-512:7A726835423A36DE80FB29EF65DFE7150BD1567CAC6F3569E24D9FE091496C807556D0150456429A3D1A6FD2ED0B8AE3128EA3B8674C97F42CE7C897719D2CD3
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):136192
                                                                                                                                                                                                                Entropy (8bit):6.007891413043079
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:ZaklTxm5xclSlX8fY/r06Yr0UWm63ELUAXkXrT4:wklTxm5xAhY/rkwNm2E4AXk
                                                                                                                                                                                                                MD5:DA0E290BA30FE8CC1A44EEEFCF090820
                                                                                                                                                                                                                SHA1:D38FCCD7D6F54AA73BD21F168289D7DCE1A9D192
                                                                                                                                                                                                                SHA-256:2D1D60B996D1D5C56C24313D97E0FCDA41A8BD6BF0299F6EA4EB4A1E25D490B7
                                                                                                                                                                                                                SHA-512:BC031D61E5772C60CBAC282D05F76D81AF1AA2A29A8602C2EFA05FC0CE1079390999336237560B408E6539A77C732F5066C1590B7FEAEDB24BAA9371783F2A8F
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31000
                                                                                                                                                                                                                Entropy (8bit):6.554631307714331
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:2RVBC9t6Lhz64wHqFslDT90YpISQGrHQIYiSy1pCQ+42AM+o/8E9VF0Nyes:YGyIHqG1HpISQG75YiSyvB2AMxkEp
                                                                                                                                                                                                                MD5:D0CC9FC9A0650BA00BD206720223493B
                                                                                                                                                                                                                SHA1:295BC204E489572B74CC11801ED8590F808E1618
                                                                                                                                                                                                                SHA-256:411D6F538BDBAF60F1A1798FA8AA7ED3A4E8FCC99C9F9F10D21270D2F3742019
                                                                                                                                                                                                                SHA-512:D3EBCB91D1B8AA247D50C2C4B2BA1BF3102317C593CBF6C63883E8BF9D6E50C0A40F149654797ABC5B4F17AEE282DDD972A8CD9189BFCD5B9CEC5AB9C341E20B
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1541912
                                                                                                                                                                                                                Entropy (8bit):6.5766016996560435
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:HU/QhAI889YyuQYZlm/8AgzMkf6G5MJ8NW/yKhh+ivz/LZ/Xm+5D3ovTKJz:AVyuQYZlm/8vP6G5MJ8NuF+IzDZ/XPoA
                                                                                                                                                                                                                MD5:E52F6B9BD5455D6F4874F12065A7BC39
                                                                                                                                                                                                                SHA1:8A3CB731E9C57FD8066D6DAD6B846A5F857D93C8
                                                                                                                                                                                                                SHA-256:7EF475D27F9634F6A75E88959E003318D7EB214333D25BDF9BE1270FA0308C82
                                                                                                                                                                                                                SHA-512:764BFB9EAD13361BE7583448B78F239964532FD589E8A2AD83857192BF500F507260B049E1EB7522DEDADC81AC3DFC76A90DDEB0440557844ABED6206022DA96
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1035728
                                                                                                                                                                                                                Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1138456
                                                                                                                                                                                                                Entropy (8bit):5.461934346955969
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:LrEHdcM6hbqCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAjL:LrEXPCjfk7bPNfv42BN6yzUAjL
                                                                                                                                                                                                                MD5:CC8142BEDAFDFAA50B26C6D07755C7A6
                                                                                                                                                                                                                SHA1:0FCAB5816EAF7B138F22C29C6D5B5F59551B39FE
                                                                                                                                                                                                                SHA-256:BC2CF23B7B7491EDCF03103B78DBAF42AFD84A60EA71E764AF9A1DDD0FE84268
                                                                                                                                                                                                                SHA-512:C3B0C1DBE5BF159AB7706F314A75A856A08EBB889F53FE22AB3EC92B35B5E211EDAB3934DF3DA64EBEA76F38EB9BFC9504DB8D7546A36BC3CABE40C5599A9CBD
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):133632
                                                                                                                                                                                                                Entropy (8bit):5.874056262688227
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:LqnAWHjDQCj8ilDiv+zQQoMlRVFhLaNzvvA5sqQvml1RhkmrAte:L1ojDHjllCrMlRVgvY5sqQeRhkmrA
                                                                                                                                                                                                                MD5:E9D8AB0E7867F5E0D40BD474A5CA288C
                                                                                                                                                                                                                SHA1:E7BDF1664099C069CEEA18C2922A8DB049B4399A
                                                                                                                                                                                                                SHA-256:DF724F6ABD66A0549415ABAA3FDF490680E6E0CE07584E964B8BFD01E187B487
                                                                                                                                                                                                                SHA-512:49B17E11D02AE99583F835B8ECF526CF1CF9CEAB5D8FAC0FBFAF45411AC43F0594F93780AE7F6CB3EBBC169A91E81DD57A37C48A8CD5E2653962FFBDCF9879BB
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125440
                                                                                                                                                                                                                Entropy (8bit):5.9728713295367655
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:AIINEheWtuMosPedLA/6wug2LmnEXFidAf2+nUkbB4da:AvKtUCUX11idM2+nDbB4da
                                                                                                                                                                                                                MD5:D08D4AE87AFA22E54EC4D2B6CD64C8CC
                                                                                                                                                                                                                SHA1:6450E9C65B50BC2564DFE46AA6BEB3B17A1B7794
                                                                                                                                                                                                                SHA-256:3088FBA55A9200223080554C55FA0054353FDFCAB4ED4AC51716E5413971B898
                                                                                                                                                                                                                SHA-512:CFE8DBDCAF1B24DC2E6F6D04AF51D83AF79F92E894E8AF2CA73812919571089A62F8C3DEFEF0EB6C0BCB87E9EBE9B62FFCC891474C5EEB1E051E370ABE0412AC
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                                                Entropy (8bit):5.765780991867437
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:qEJTdBYGvVCI7xEgBXBj8YTKUEGMUdkASQtz:3tdBYGvV1XBX18YuUEGMUOASMz
                                                                                                                                                                                                                MD5:CA38BAC64494D8588AF1859821842C6C
                                                                                                                                                                                                                SHA1:A0999ECAB6697F42158BF868F5D585E63F335B08
                                                                                                                                                                                                                SHA-256:2E773A7ADD7290AD21C9FFFF286EA50789170AEEA4BA608C73FF24740D45C41B
                                                                                                                                                                                                                SHA-512:94FF7C8B0E862BB6EDD993CE2FFB38929D0375EA1A74F2DF7192CDEEBD1EAC4AFEE871C2EEB84193B74970ABC5A6E164E85ADB3CC3592264711AF7DA73CD3AE7
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3284480
                                                                                                                                                                                                                Entropy (8bit):6.580606277325351
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:tdJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQN333KL:jJYVM+LtVt3P/KuG2ONG9iqLRQN333Y
                                                                                                                                                                                                                MD5:C8E01A284D740A1B8962C82CD10667C2
                                                                                                                                                                                                                SHA1:1BC81FD2B34A3C8743DF225811671ED63937C782
                                                                                                                                                                                                                SHA-256:9AA2575FB76DB286C63C5893DA837C639EAFB3D9CC4E3F52718D76D4F7E19382
                                                                                                                                                                                                                SHA-512:CD47DF597DE04B269B3D54AAFA2C43E99E14003785C60105E9BE8C51B189F1846FA63B8C4606F11E4C509177D6A07DCBA525BF7EA71E02083BFCD41ECBE61BE8
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Nov 30 03:58:22 2024, mtime=Sat Nov 30 03:58:24 2024, atime=Sat Nov 30 03:13:16 2024, length=18222592, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1307
                                                                                                                                                                                                                Entropy (8bit):4.89087772905973
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:8mO+ZCNVEMXR8n240ACZL+AUfJG0LD9G/MQ3m3VqyFm:8mRZCNGMXR8n240ACFFQJGeD9GNW8yF
                                                                                                                                                                                                                MD5:C5D99091F4E119A4CECD15B944E80EA9
                                                                                                                                                                                                                SHA1:47E1FB8FA5E79517360A5BE5AE65C1A2047E24A3
                                                                                                                                                                                                                SHA-256:21F3BA9962D9162EF02BCF16D48648360F294BAA4CAE6F7552DFB423BC764BEB
                                                                                                                                                                                                                SHA-512:67451207C74E986189991A3ED9DDCB4A00CDFB097B70FF083318F97C9986C348D7B259274E15F22EB742D81D6A1327B3D134F3564B6F77DD9E65C63C232D35DE
                                                                                                                                                                                                                Malicious:false
Preview (binary shortcut data; readable strings only): C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe; C:\Users\jones\AppData\Local\Programs\Lexus
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG, Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov 29 15:27:42 2024, Number of Pages: 450
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):21343744
                                                                                                                                                                                                                Entropy (8bit):7.967822878642443
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:393216:0kXUJrUz+h+ZkrLP3HQlJBgJ2g1VXA3p81Es0LAxsX5PINm:0xrUOeGHwJRyO20LAxs58
                                                                                                                                                                                                                MD5:4A4CDA00A1E1A32986CC1130D7DB54CA
                                                                                                                                                                                                                SHA1:57BD34C1C3372DD72D5C7DDCAA5BFB1DC387F4E2
                                                                                                                                                                                                                SHA-256:5D2AB1EFE433963996B35B16231631E7A69A8F7C951B25009626111FBC23D560
                                                                                                                                                                                                                SHA-512:72D766FA5ED9421A633804CBBC2DF2E50B252C39C3E48B82A8A7ADB9ECB54224FFB96C5DEC0486C5B3EAAC41CD2CA29691BED3E6EE13C4FD89D8D5C88D195482
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG, Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov 29 15:27:42 2024, Number of Pages: 450
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):21343744
                                                                                                                                                                                                                Entropy (8bit):7.967822878642443
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:393216:0kXUJrUz+h+ZkrLP3HQlJBgJ2g1VXA3p81Es0LAxsX5PINm:0xrUOeGHwJRyO20LAxs58
                                                                                                                                                                                                                MD5:4A4CDA00A1E1A32986CC1130D7DB54CA
                                                                                                                                                                                                                SHA1:57BD34C1C3372DD72D5C7DDCAA5BFB1DC387F4E2
                                                                                                                                                                                                                SHA-256:5D2AB1EFE433963996B35B16231631E7A69A8F7C951B25009626111FBC23D560
                                                                                                                                                                                                                SHA-512:72D766FA5ED9421A633804CBBC2DF2E50B252C39C3E48B82A8A7ADB9ECB54224FFB96C5DEC0486C5B3EAAC41CD2CA29691BED3E6EE13C4FD89D8D5C88D195482
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1021792
                                                                                                                                                                                                                Entropy (8bit):6.608727172078022
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                                                                                                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6812
                                                                                                                                                                                                                Entropy (8bit):5.467067329530596
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:7g67M9y13uG2m1Ei57wi9uS3CbamquA3bCebwXLeORhdDk+:7xn1/2523+tICeYLeo5
                                                                                                                                                                                                                MD5:C90EADC8D70C72BC204A288DEB132459
                                                                                                                                                                                                                SHA1:1AD3FDA074B2A313F3A9D402EB5C79468ABF73F0
                                                                                                                                                                                                                SHA-256:2476C07D88B9806F37623E86402AF947FE7A626B029864C8B24B2942EFA1715A
                                                                                                                                                                                                                SHA-512:F72E226298C3938EE1FA6F0506025F8156ADDD85E52927F5FC51489E9CA22E5270D8F218A4F9683566A764A7BB463DD9F83429474672BBF15C8A42F8B6EA6D5A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...@IXOS.@.....@G.}Y.@.....@.....@.....@.....@.....@......&.{C54536A2-F634-404D-88DE-77163336AD19}..LexusXA Installer..LexusXA Installer.msi.@.....@.....@.....@......red.exe..&.{6E016F4D-F842-4D13-BDA0-1D990584865D}.....@.....@.....@.....@.......@.....@.....@.......@......LexusXA Installer......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{AEFDAAB7-0FA2-4559-A94E-055CC6BE8FEB}2.C:\Program Files (x86)\LexusORG\LexusXA Installer\.@.......@.....@.....@......&.{70DFDFCE-608B-4FB5-8825-1CA66A245E79}O.C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe.@.......@.....@.....@......&.{9056868B-8C66-444E-BB1D-D0CA92DF6E58}/.02:\Software\LexusORG\LexusXA Installer\Version.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".2.C:\Program Files (x86)\LexusORG\LexusXA Installer\.@........InstallFiles..Copying new files&.
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):1.1664061475526522
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:JSbX72FjcAGiLIlHVRpwh/7777777777777777777777777vDHF1idmzQgX2jXlN:JeQI5Y3iczF/F
                                                                                                                                                                                                                MD5:EE7F278CA9F710F708F566242D6BCCE4
                                                                                                                                                                                                                SHA1:B1BBEF484317DA16248C7EC1C94A985658D68E34
                                                                                                                                                                                                                SHA-256:6F2744513B1BB78005B08FF26B55023A47D18B3CDD02F2CF06930570A955ED93
                                                                                                                                                                                                                SHA-512:9713A1446538B4DBAA628743D4DD342F0FC196AFB8618F42B689FB66D40BE093DA16CEEA90AB24D15410C2CCC22C4E513F9F15CACD8599C729C3AE5E86005E7F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):1.5836414294458132
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:f8PhuuRc06WXJqnT5tSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:ehu1hnTexWRCPYE
                                                                                                                                                                                                                MD5:AB9B21BDB4A6DEDEFDD899DF38C486B2
                                                                                                                                                                                                                SHA1:245295683668E0642A6C7769F3FA2EEEBE68E0BE
                                                                                                                                                                                                                SHA-256:3CBF082EBBF4F37AFA1CF260576A576E49DDA5DAC74419A47F05DCCBEF6F13E0
                                                                                                                                                                                                                SHA-512:F36B1B696A4602AA211E8156A29A515AC7C9EFCEB5F3857E4736D18A5BDD2E01B513362A7E7250D965BA3C3973BE690C9887008F210019685C229EDD4329C438
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4286
                                                                                                                                                                                                                Entropy (8bit):4.3466140261187425
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:pid1EFmp5cedaWiTB5PiPV5JUXCyw3CbSdsqKX6uHgrTbCs3:pm1Ei57wi9uS3CbamquA3bCe
                                                                                                                                                                                                                MD5:0DE2B14E2259F7610D1D0AA2DDCB9211
                                                                                                                                                                                                                SHA1:C660F72E18A8DBD8AA32DD3554F672E29EAAA904
                                                                                                                                                                                                                SHA-256:1E7234C2960849C07EC422A57DBABC5438FBCF66DCF23613E63FFF35EAE16263
                                                                                                                                                                                                                SHA-512:72DFBC09F740452F19B640FDB03CC16FCD7E01FB7979244F57D2EC1F26D39E215EB228CA50C82F9CDDC64B4D97DDF729E57D4D4E45D8A178E481070C264A7246
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):432221
                                                                                                                                                                                                                Entropy (8bit):5.375173841622214
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau/:zTtbmkExhMJCIpErq
                                                                                                                                                                                                                MD5:8DDCD4573B76DCA0E8BDA25736794A84
                                                                                                                                                                                                                SHA1:2D2DE89B6AB11D55282A75066331D3DA86DB7B51
                                                                                                                                                                                                                SHA-256:FACCD26730077E7DA5A14E0EC7BFE8AF9EBB571B03152D1775A3D51A5A89E780
                                                                                                                                                                                                                SHA-512:BB4486011EC53DC9797050625BD7687D20FE2ACFBED370EE87530E40B27CD7E3339E2900FD808963A96B83D3005379CED3F66D633693569F6BDD8875E3B9FBEC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):0.07386696352507555
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKONb0Rdmzwc2/gXLICVky6ljX:2F0i8n0itFzDHF1idmzQgX2jX
                                                                                                                                                                                                                MD5:056A80D70756FE71EB3F199C83E81212
                                                                                                                                                                                                                SHA1:1E3DCA5738D8C70CB31122A41DF0701EDCB6729E
                                                                                                                                                                                                                SHA-256:2D194DF485D083F0846C007D46DCC21AE7DF88EF730DB19487F7BDE3A8E8E5A1
                                                                                                                                                                                                                SHA-512:364D95AFD55699EFEF4538742D401DAD5B4B3358EB733EC4E3EA16F4A62EC2A1E1FE9476839E9E2D7BDE44F15466C878EF767EC3F87C01F2BF057E0567356B79
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):1.5836414294458132
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:f8PhuuRc06WXJqnT5tSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:ehu1hnTexWRCPYE
                                                                                                                                                                                                                MD5:AB9B21BDB4A6DEDEFDD899DF38C486B2
                                                                                                                                                                                                                SHA1:245295683668E0642A6C7769F3FA2EEEBE68E0BE
                                                                                                                                                                                                                SHA-256:3CBF082EBBF4F37AFA1CF260576A576E49DDA5DAC74419A47F05DCCBEF6F13E0
                                                                                                                                                                                                                SHA-512:F36B1B696A4602AA211E8156A29A515AC7C9EFCEB5F3857E4736D18A5BDD2E01B513362A7E7250D965BA3C3973BE690C9887008F210019685C229EDD4329C438
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):1.2663541572736983
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:PHmugM+CFXJ5T5EjSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:Pm4hTu+xWRCPYE
                                                                                                                                                                                                                MD5:3A85F47DE421A7261051636631DAEB17
                                                                                                                                                                                                                SHA1:3C66419BB7B58664F75A250A3E52E9FC82D1A848
                                                                                                                                                                                                                SHA-256:35ACB91DFA7A6CA286ABAC89B815351E6248032170E93E16CACF8B1A7B3E5702
                                                                                                                                                                                                                SHA-512:8C38078A1308015B52D00C56C4BBBB95D3D2E9941A8BCA40A77BCB02D009F7BDFAA6FE4F820D1B4B58A811C6CD41508C1CF28C032FA0F28C5A2F505A24D6B6A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):1.2663541572736983
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:PHmugM+CFXJ5T5EjSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:Pm4hTu+xWRCPYE
                                                                                                                                                                                                                MD5:3A85F47DE421A7261051636631DAEB17
                                                                                                                                                                                                                SHA1:3C66419BB7B58664F75A250A3E52E9FC82D1A848
                                                                                                                                                                                                                SHA-256:35ACB91DFA7A6CA286ABAC89B815351E6248032170E93E16CACF8B1A7B3E5702
                                                                                                                                                                                                                SHA-512:8C38078A1308015B52D00C56C4BBBB95D3D2E9941A8BCA40A77BCB02D009F7BDFAA6FE4F820D1B4B58A811C6CD41508C1CF28C032FA0F28C5A2F505A24D6B6A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):1.5836414294458132
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:f8PhuuRc06WXJqnT5tSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:ehu1hnTexWRCPYE
                                                                                                                                                                                                                MD5:AB9B21BDB4A6DEDEFDD899DF38C486B2
                                                                                                                                                                                                                SHA1:245295683668E0642A6C7769F3FA2EEEBE68E0BE
                                                                                                                                                                                                                SHA-256:3CBF082EBBF4F37AFA1CF260576A576E49DDA5DAC74419A47F05DCCBEF6F13E0
                                                                                                                                                                                                                SHA-512:F36B1B696A4602AA211E8156A29A515AC7C9EFCEB5F3857E4736D18A5BDD2E01B513362A7E7250D965BA3C3973BE690C9887008F210019685C229EDD4329C438
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                                                Entropy (8bit):0.14324075095507224
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:qpT4dS3SkdSwdSZAEkrCysTSkdS5eokoexFS:m7RCPYwx
                                                                                                                                                                                                                MD5:F0442428E1237ACE30C8483C2D8181FD
                                                                                                                                                                                                                SHA1:93E8AA40F7AC9FF9EC38304C1C82E991814B8CF4
                                                                                                                                                                                                                SHA-256:241909F9CD9460785959A1BC5849DA25303BF95635CE70B21ACF8E8E8ADAE8AB
                                                                                                                                                                                                                SHA-512:0B07D2CB8C9566C0B45ABC28B998B2DE6AA354E7F25B908621589BDF15DF8969D236A0157499410379A831DDCF96F85467D94AC6BD75593F104A6D808F045C2C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):1.2663541572736983
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:PHmugM+CFXJ5T5EjSZxCdSZAEkrCysTSkdS5eokoRdS3SkdSdTj:Pm4hTu+xWRCPYE
                                                                                                                                                                                                                MD5:3A85F47DE421A7261051636631DAEB17
                                                                                                                                                                                                                SHA1:3C66419BB7B58664F75A250A3E52E9FC82D1A848
                                                                                                                                                                                                                SHA-256:35ACB91DFA7A6CA286ABAC89B815351E6248032170E93E16CACF8B1A7B3E5702
                                                                                                                                                                                                                SHA-512:8C38078A1308015B52D00C56C4BBBB95D3D2E9941A8BCA40A77BCB02D009F7BDFAA6FE4F820D1B4B58A811C6CD41508C1CF28C032FA0F28C5A2F505A24D6B6A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG, Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov 29 15:27:42 2024, Number of Pages: 450
                                                                                                                                                                                                                Entropy (8bit):7.967822878642443
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                                                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                                                                                                                                                                                File name:LexusXA Installer.msi
                                                                                                                                                                                                                File size:21'343'744 bytes
                                                                                                                                                                                                                MD5:4a4cda00a1e1a32986cc1130d7db54ca
                                                                                                                                                                                                                SHA1:57bd34c1c3372dd72d5c7ddcaa5bfb1dc387f4e2
                                                                                                                                                                                                                SHA256:5d2ab1efe433963996b35b16231631e7a69a8f7c951b25009626111fbc23d560
                                                                                                                                                                                                                SHA512:72d766fa5ed9421a633804cbbc2df2e50b252c39c3e48b82a8a7adb9ecb54224ffb96c5dec0486c5b3eaac41cd2ca29691bed3e6ee13c4fd89d8d5c88d195482
                                                                                                                                                                                                                SSDEEP:393216:0kXUJrUz+h+ZkrLP3HQlJBgJ2g1VXA3p81Es0LAxsX5PINm:0xrUOeGHwJRyO20LAxs58
                                                                                                                                                                                                                TLSH:84273311B287C63EE56D45B79928FE1E153DAEA7073001D3B3F8B95E9DB08C16279A03
                                                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 30, 2024 05:58:36.449071884 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:36.449105978 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:36.449173927 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:36.450342894 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:36.450355053 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:37.801676035 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:37.802592993 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:37.802613974 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:37.803489923 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:37.803672075 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:37.805097103 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:37.805217028 CET | 443 | 49737 | 162.159.137.232 | 192.168.2.4
Nov 30, 2024 05:58:37.805263042 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232
Nov 30, 2024 05:58:37.805303097 CET | 49737 | 443 | 192.168.2.4 | 162.159.137.232

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 30, 2024 05:58:36.308850050 CET | 63067 | 53 | 192.168.2.4 | 1.1.1.1
Nov 30, 2024 05:58:36.446135044 CET | 53 | 63067 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 30, 2024 05:58:36.308850050 CET | 192.168.2.4 | 1.1.1.1 | 0x8d31 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 30, 2024 05:58:36.446135044 CET | 1.1.1.1 | 192.168.2.4 | 0x8d31 | No error (0) | discord.com |  | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 05:58:36.446135044 CET | 1.1.1.1 | 192.168.2.4 | 0x8d31 | No error (0) | discord.com |  | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 05:58:36.446135044 CET | 1.1.1.1 | 192.168.2.4 | 0x8d31 | No error (0) | discord.com |  | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 05:58:36.446135044 CET | 1.1.1.1 | 192.168.2.4 | 0x8d31 | No error (0) | discord.com |  | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 05:58:36.446135044 CET | 1.1.1.1 | 192.168.2.4 | 0x8d31 | No error (0) | discord.com |  | 162.159.138.232 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:23:58:00
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\LexusXA Installer.msi"
                                                                                                                                                                                                                Imagebase:0x7ff738d50000
                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                Start time:23:58:00
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                Imagebase:0x7ff738d50000
                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                Start time:23:58:00
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 80745C949CFC24E358273D649EA9B511 C
                                                                                                                                                                                                                Imagebase:0x7d0000
                                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                Start time:23:58:12
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding D0A27BFD503CBB4ECD262F85E025A5D0
                                                                                                                                                                                                                Imagebase:0x7d0000
                                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                Start time:23:58:14
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
                                                                                                                                                                                                                Imagebase:0xce0000
                                                                                                                                                                                                                File size:20'133'249 bytes
                                                                                                                                                                                                                MD5 hash:4A1316F8CF2A432B956BBB00E6AEB2B8
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 33%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                Start time:23:58:15
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp" /SL5="$2044C,19187169,794112,C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
                                                                                                                                                                                                                Imagebase:0x740000
                                                                                                                                                                                                                File size:3'284'480 bytes
                                                                                                                                                                                                                MD5 hash:C8E01A284D740A1B8962C82CD10667C2
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                Start time:23:58:26
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe"
                                                                                                                                                                                                                Imagebase:0x7ff7cc9c0000
                                                                                                                                                                                                                File size:18'222'592 bytes
                                                                                                                                                                                                                MD5 hash:18E2B102B1D60F32601C0A398B34301E
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                Start time:23:58:28
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
                                                                                                                                                                                                                Imagebase:0xe30000
                                                                                                                                                                                                                File size:18'201'888 bytes
                                                                                                                                                                                                                MD5 hash:5191B4E806CD706AF380B5995B602EAE
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 42%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                Start time:23:58:29
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
                                                                                                                                                                                                                Imagebase:0x7ff70e890000
                                                                                                                                                                                                                File size:18'301'069 bytes
                                                                                                                                                                                                                MD5 hash:A58F0BC8A2E552B1E03870D5326FF4DF
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 37%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                Start time:23:58:32
                                                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
                                                                                                                                                                                                                Imagebase:0x7ff70e890000
                                                                                                                                                                                                                File size:18'301'069 bytes
                                                                                                                                                                                                                MD5 hash:A58F0BC8A2E552B1E03870D5326FF4DF
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2071281827.00007FF7CC9C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CC9C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2071258433.00007FF7CC9C0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2071330867.00007FF7CC9CC000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2071357301.00007FF7CC9CE000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2071357301.00007FF7CD3CE000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff7cc9c0000_version-iexpress-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4104442557-0
                                                                                                                                                                                                                  • Opcode ID: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                  • Instruction ID: 85c7798c7f242c6ff7d3f97958dc86a3968c523b2bbf81f5e9d2188fe591e0c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF113D32A04F81CAEB10EF75E8442A873A4FB09768F810A34EA6E47794DF7CD5A4C750

Execution Graph

Execution Coverage:9.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:10.4%
Total number of Nodes:1471
Total number of Limit Nodes:29
23117->23108 23126 e4c891 2 API calls 23121->23126 23122->23117 23128 e4cc60 23126->23128 23127 e483fc 8 API calls 23129 e4cd4c DialogBoxParamW 23127->23129 23128->23122 23130 e4cd86 23129->23130 23131 e4cd9f 23130->23131 23132 e4cd98 Sleep 23130->23132 23134 e4cdad 23131->23134 23442 e49ca1 23131->23442 23132->23131 23135 e4cdcc DeleteObject 23134->23135 23136 e4cde3 DeleteObject 23135->23136 23138 e4cde6 23135->23138 23136->23138 23137 e4ce17 23452 e4c8f0 WaitForSingleObject 23137->23452 23138->23137 23140 e4ce29 23138->23140 23450 e49b08 23140->23450 23143 e4ce63 23144 e56b34 GetModuleHandleW 23143->23144 23145 e4e18e 23144->23145 23145->23064 23146 e56c5d 23145->23146 23666 e569da 23146->23666 23149->23046 23150->23053 23151->23066 23152->23052 23153->23072 23155 e515eb ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 23154->23155 23167 e5268e 23155->23167 23159 e51601 23160 e5160c 23159->23160 23181 e526ca DeleteCriticalSection 23159->23181 23160->23074 23162 e515f9 23162->23074 23209 e5acbc 23163->23209 23166 e5160f 8 API calls 3 library calls 23166->23075 23168 e52697 23167->23168 23170 e526c0 23168->23170 23171 e515f5 23168->23171 23182 e52905 23168->23182 23187 e526ca DeleteCriticalSection 23170->23187 23171->23162 23173 e51726 23171->23173 23202 e5281a 23173->23202 23175 e51730 23176 e5173b 23175->23176 23207 e528c8 6 API calls try_get_function 23175->23207 23176->23159 23178 e51749 23179 e51756 23178->23179 23208 e51759 6 API calls ___vcrt_FlsFree 23178->23208 23179->23159 23181->23162 23188 e526f9 23182->23188 23185 e5293c InitializeCriticalSectionAndSpinCount 23186 e52928 23185->23186 23186->23168 23187->23171 23189 e5272d 23188->23189 23190 e52729 23188->23190 23189->23185 23189->23186 23190->23189 23193 e5274d 23190->23193 23195 e52799 23190->23195 23192 e52759 GetProcAddress 23194 e52769 __crt_fast_encode_pointer 23192->23194 23193->23189 23193->23192 23194->23189 23196 e527c1 LoadLibraryExW 23195->23196 23200 e527b6 
23195->23200 23197 e527f5 23196->23197 23198 e527dd GetLastError 23196->23198 23197->23200 23201 e5280c FreeLibrary 23197->23201 23198->23197 23199 e527e8 LoadLibraryExW 23198->23199 23199->23197 23200->23190 23201->23200 23203 e526f9 try_get_function 5 API calls 23202->23203 23204 e52834 23203->23204 23205 e5284c TlsAlloc 23204->23205 23206 e5283d 23204->23206 23206->23175 23207->23178 23208->23176 23212 e5acd5 23209->23212 23210 e4e203 ___delayLoadHelper2@8 5 API calls 23211 e4dbcd 23210->23211 23211->23078 23211->23166 23212->23210 23214 e4e623 GetStartupInfoW 23213->23214 23214->23091 23216 e5a7bc 23215->23216 23217 e5a7c5 23215->23217 23220 e5a6b2 23216->23220 23217->23094 23219->23094 23221 e58516 _abort 38 API calls 23220->23221 23222 e5a6bf 23221->23222 23240 e5a7d1 23222->23240 23224 e5a6c7 23249 e5a446 23224->23249 23227 e5a6de 23227->23217 23231 e57a50 _free 20 API calls 23231->23227 23233 e5a71c 23273 e57ecc 20 API calls _abort 23233->23273 23235 e5a721 23235->23231 23236 e5a739 23237 e57a50 _free 20 API calls 23236->23237 23238 e5a765 23236->23238 23237->23238 23238->23235 23274 e5a31c 26 API calls 23238->23274 23241 e5a7dd ___scrt_is_nonwritable_in_current_image 23240->23241 23242 e58516 _abort 38 API calls 23241->23242 23244 e5a7e7 23242->23244 23245 e5a86b ___scrt_is_nonwritable_in_current_image 23244->23245 23248 e57a50 _free 20 API calls 23244->23248 23275 e57ad8 38 API calls _abort 23244->23275 23276 e59931 EnterCriticalSection 23244->23276 23277 e5a862 LeaveCriticalSection _abort 23244->23277 23245->23224 23248->23244 23250 e53356 __cftof 38 API calls 23249->23250 23251 e5a458 23250->23251 23252 e5a467 GetOEMCP 23251->23252 23253 e5a479 23251->23253 23254 e5a490 23252->23254 23253->23254 23255 e5a47e GetACP 23253->23255 23254->23227 23256 e57a8a 23254->23256 23255->23254 23257 e57ac8 23256->23257 23261 e57a98 _abort 23256->23261 23279 e57ecc 20 API calls _abort 23257->23279 23259 e57ab3 RtlAllocateHeap 23260 e57ac6 23259->23260 23259->23261 
23260->23235 23263 e5a873 23260->23263 23261->23257 23261->23259 23278 e56763 7 API calls 2 library calls 23261->23278 23264 e5a446 40 API calls 23263->23264 23265 e5a892 23264->23265 23268 e5a8e3 IsValidCodePage 23265->23268 23270 e5a899 23265->23270 23272 e5a908 ___scrt_fastfail 23265->23272 23266 e4e203 ___delayLoadHelper2@8 5 API calls 23267 e5a714 23266->23267 23267->23233 23267->23236 23269 e5a8f5 GetCPInfo 23268->23269 23268->23270 23269->23270 23269->23272 23270->23266 23280 e5a51e GetCPInfo 23272->23280 23273->23235 23274->23235 23276->23244 23277->23244 23278->23261 23279->23260 23281 e5a602 23280->23281 23287 e5a558 23280->23287 23283 e4e203 ___delayLoadHelper2@8 5 API calls 23281->23283 23286 e5a6ae 23283->23286 23286->23270 23290 e5b5ea 23287->23290 23289 e597c2 __vswprintf_c_l 43 API calls 23289->23281 23291 e53356 __cftof 38 API calls 23290->23291 23292 e5b60a MultiByteToWideChar 23291->23292 23294 e5b6e0 23292->23294 23296 e5b648 23292->23296 23295 e4e203 ___delayLoadHelper2@8 5 API calls 23294->23295 23299 e5a5b9 23295->23299 23297 e5b669 __vsnwprintf_l ___scrt_fastfail 23296->23297 23298 e57a8a __onexit 21 API calls 23296->23298 23300 e5b6da 23297->23300 23302 e5b6ae MultiByteToWideChar 23297->23302 23298->23297 23304 e597c2 23299->23304 23309 e5980d 20 API calls _free 23300->23309 23302->23300 23303 e5b6ca GetStringTypeW 23302->23303 23303->23300 23305 e53356 __cftof 38 API calls 23304->23305 23306 e597d5 23305->23306 23310 e595a5 23306->23310 23309->23294 23311 e595c0 __vswprintf_c_l 23310->23311 23312 e595e6 MultiByteToWideChar 23311->23312 23313 e59610 23312->23313 23314 e5979a 23312->23314 23317 e57a8a __onexit 21 API calls 23313->23317 23320 e59631 __vsnwprintf_l 23313->23320 23315 e4e203 ___delayLoadHelper2@8 5 API calls 23314->23315 23316 e597ad 23315->23316 23316->23289 23317->23320 23318 e596e6 23346 e5980d 20 API calls _free 23318->23346 23319 e5967a MultiByteToWideChar 23319->23318 23321 e59693 23319->23321 23320->23318 23320->23319 
23337 e59c64 23321->23337 23325 e596f5 23327 e57a8a __onexit 21 API calls 23325->23327 23330 e59716 __vsnwprintf_l 23325->23330 23326 e596bd 23326->23318 23328 e59c64 __vswprintf_c_l 11 API calls 23326->23328 23327->23330 23328->23318 23329 e5978b 23345 e5980d 20 API calls _free 23329->23345 23330->23329 23331 e59c64 __vswprintf_c_l 11 API calls 23330->23331 23333 e5976a 23331->23333 23333->23329 23334 e59779 WideCharToMultiByte 23333->23334 23334->23329 23335 e597b9 23334->23335 23347 e5980d 20 API calls _free 23335->23347 23338 e59990 _abort 5 API calls 23337->23338 23339 e59c8b 23338->23339 23340 e59c94 23339->23340 23348 e59cec 10 API calls 3 library calls 23339->23348 23343 e4e203 ___delayLoadHelper2@8 5 API calls 23340->23343 23342 e59cd4 LCMapStringW 23342->23340 23344 e596aa 23343->23344 23344->23318 23344->23325 23344->23326 23345->23318 23346->23314 23347->23318 23348->23342 23456 e4d940 23349->23456 23352 e3fdbe 23356 e400f3 GetModuleFileNameW 23352->23356 23467 e56662 42 API calls 2 library calls 23352->23467 23353 e3fd6d GetProcAddress 23354 e3fd96 GetProcAddress 23353->23354 23355 e3fd86 23353->23355 23354->23352 23357 e3fda2 23354->23357 23355->23354 23369 e4010e 23356->23369 23357->23352 23359 e40031 23359->23356 23360 e4003c GetModuleFileNameW CreateFileW 23359->23360 23361 e400e7 CloseHandle 23360->23361 23362 e4006b SetFilePointer 23360->23362 23361->23356 23362->23361 23363 e4007b ReadFile 23362->23363 23363->23361 23366 e4009a 23363->23366 23366->23361 23368 e3fcfd 2 API calls 23366->23368 23367 e40143 CompareStringW 23367->23369 23368->23366 23369->23367 23370 e40179 GetFileAttributesW 23369->23370 23371 e4018d 23369->23371 23458 e3a995 23369->23458 23461 e3fcfd 23369->23461 23370->23369 23370->23371 23372 e4019a 23371->23372 23375 e401cc 23371->23375 23374 e401b2 GetFileAttributesW 23372->23374 23376 e401c6 23372->23376 23373 e402db 23397 e495f8 GetCurrentDirectoryW 23373->23397 23374->23372 23374->23376 23375->23373 23377 e3a995 
GetVersionExW 23375->23377 23376->23375 23378 e401e6 23377->23378 23379 e40253 23378->23379 23380 e401ed 23378->23380 23381 e33e41 _swprintf 51 API calls 23379->23381 23382 e3fcfd 2 API calls 23380->23382 23383 e4027b AllocConsole 23381->23383 23384 e401f7 23382->23384 23385 e402d3 ExitProcess 23383->23385 23386 e40288 GetCurrentProcessId AttachConsole 23383->23386 23387 e3fcfd 2 API calls 23384->23387 23468 e52b33 23386->23468 23388 e40201 23387->23388 23390 e3da42 53 API calls 23388->23390 23392 e4021c 23390->23392 23391 e402a9 GetStdHandle WriteConsoleW Sleep FreeConsole 23391->23385 23393 e33e41 _swprintf 51 API calls 23392->23393 23394 e4022f 23393->23394 23395 e3da42 53 API calls 23394->23395 23396 e4023e 23395->23396 23396->23385 23397->23101 23399 e3fcfd 2 API calls 23398->23399 23400 e49ab4 OleInitialize 23399->23400 23401 e49ad7 GdiplusStartup SHGetMalloc 23400->23401 23401->23103 23403 e4103b IsDBCSLeadByte 23402->23403 23403->23403 23404 e41053 23403->23404 23404->23105 23406 e4b360 23405->23406 23407 e4b476 23406->23407 23409 e41401 CharUpperW 23406->23409 23470 e3e90c 80 API calls ___scrt_fastfail 23406->23470 23407->23113 23407->23114 23409->23406 23411 e4d940 23410->23411 23412 e4c89e SetEnvironmentVariableW 23411->23412 23414 e4c8c1 23412->23414 23413 e4c8e9 23413->23108 23414->23413 23415 e4c8dd SetEnvironmentVariableW 23414->23415 23415->23413 23417 e4a522 GetObjectW 23416->23417 23418 e4a519 23416->23418 23471 e4952a 23417->23471 23476 e4963a FindResourceW 23418->23476 23423 e4a575 23434 e3cfab 23423->23434 23424 e4a555 23492 e4958c GetDC GetDeviceCaps ReleaseDC 23424->23492 23425 e4963a 13 API calls 23427 e4a54a 23425->23427 23427->23424 23429 e4a550 DeleteObject 23427->23429 23428 e4a55d 23493 e49549 GetDC GetDeviceCaps ReleaseDC 23428->23493 23429->23424 23431 e4a566 23494 e4975d 8 API calls ___scrt_fastfail 23431->23494 23433 e4a56d DeleteObject 23433->23423 23505 e3cfd0 23434->23505 23436 e3cfb7 23545 e3d6c1 GetModuleHandleW FindResourceW 
23436->23545 23439 e483fc 23653 e4d82c 23439->23653 23444 e49cae 23442->23444 23443 e49d3c 23443->23134 23444->23443 23662 e41432 23444->23662 23446 e49cd6 23446->23443 23665 e49a8d SetCurrentDirectoryW 23446->23665 23448 e49ce4 ___scrt_fastfail 23449 e49d18 SHFileOperationW 23448->23449 23449->23443 23451 e49b2e GdiplusShutdown CoUninitialize 23450->23451 23451->23143 23453 e4c926 23452->23453 23454 e4c909 PeekMessageW WaitForSingleObject 23453->23454 23455 e4c92a CloseHandle 23453->23455 23454->23453 23455->23140 23457 e3fd53 GetModuleHandleW 23456->23457 23457->23352 23457->23353 23459 e3a9e5 23458->23459 23460 e3a9a9 GetVersionExW 23458->23460 23459->23369 23460->23459 23462 e4d940 23461->23462 23463 e3fd0a GetSystemDirectoryW 23462->23463 23464 e3fd22 23463->23464 23465 e3fd40 23463->23465 23466 e3fd33 LoadLibraryW 23464->23466 23465->23369 23466->23465 23467->23359 23469 e52b3b 23468->23469 23469->23391 23469->23469 23470->23406 23495 e49549 GetDC GetDeviceCaps ReleaseDC 23471->23495 23473 e49531 23475 e4953d 23473->23475 23496 e4958c GetDC GetDeviceCaps ReleaseDC 23473->23496 23475->23423 23475->23424 23475->23425 23477 e4968d 23476->23477 23478 e4965b SizeofResource 23476->23478 23477->23417 23478->23477 23479 e4966f LoadResource 23478->23479 23479->23477 23480 e49680 LockResource 23479->23480 23480->23477 23481 e49694 GlobalAlloc 23480->23481 23481->23477 23482 e496ab GlobalLock 23481->23482 23483 e496b6 __vswprintf_c_l 23482->23483 23484 e49722 GlobalFree 23482->23484 23485 e496be CreateStreamOnHGlobal 23483->23485 23484->23477 23486 e496d6 23485->23486 23487 e4971b GlobalUnlock 23485->23487 23497 e495cf GdipAlloc 23486->23497 23487->23484 23490 e49710 23490->23487 23491 e496fa GdipCreateHBITMAPFromBitmap 23491->23490 23492->23428 23493->23431 23494->23433 23495->23473 23496->23475 23498 e495ee 23497->23498 23499 e495e1 23497->23499 23498->23487 23498->23490 23498->23491 23501 e4938e 23499->23501 23502 e493b6 GdipCreateBitmapFromStream 23501->23502 23503 
e493af GdipCreateBitmapFromStreamICM 23501->23503 23504 e493bb 23502->23504 23503->23504 23504->23498 23506 e3cfde _wcschr __EH_prolog 23505->23506 23507 e3d00d GetModuleFileNameW 23506->23507 23508 e3d03e 23506->23508 23509 e3d027 23507->23509 23547 e39768 23508->23547 23509->23508 23512 e3d09a 23558 e55030 26 API calls 3 library calls 23512->23558 23514 e43393 76 API calls 23516 e3d06e 23514->23516 23516->23512 23516->23514 23529 e3d2ba 23516->23529 23517 e3d0ad 23559 e55030 26 API calls 3 library calls 23517->23559 23519 e3d1f6 23520 e39a4c 77 API calls 23519->23520 23519->23529 23523 e3d210 new 23520->23523 23524 e39979 80 API calls 23523->23524 23523->23529 23527 e3d239 new 23524->23527 23526 e3d0bf 23526->23519 23526->23529 23560 e39b57 23526->23560 23575 e39979 23526->23575 23583 e39a4c 23526->23583 23527->23529 23542 e3d245 new 23527->23542 23588 e40fde MultiByteToWideChar 23527->23588 23568 e3946e 23529->23568 23530 e3d3bb 23589 e3cb33 76 API calls 23530->23589 23532 e3d683 23594 e3cb33 76 API calls 23532->23594 23534 e3d673 23534->23436 23535 e3d3fe 23590 e55030 26 API calls 3 library calls 23535->23590 23537 e3d418 23591 e55030 26 API calls 3 library calls 23537->23591 23538 e3d3cf 23538->23535 23540 e43393 76 API calls 23538->23540 23540->23538 23541 e411fa WideCharToMultiByte 23541->23542 23542->23529 23542->23530 23542->23532 23542->23534 23542->23541 23592 e3d9dc 50 API calls __vsnprintf 23542->23592 23593 e54e71 26 API calls 3 library calls 23542->23593 23546 e3cfbe 23545->23546 23546->23439 23548 e39772 23547->23548 23549 e397f1 CreateFileW 23548->23549 23550 e39811 GetLastError 23549->23550 23557 e39862 23549->23557 23595 e3b32c 23550->23595 23552 e39899 23552->23516 23553 e3987f SetFileTime 23553->23552 23554 e39831 23555 e39835 CreateFileW GetLastError 23554->23555 23554->23557 23556 e39859 23555->23556 23556->23557 23557->23552 23557->23553 23558->23517 23559->23526 23561 e39b7b SetFilePointer 23560->23561 23562 e39b6a 23560->23562 23563 e39b99 
GetLastError 23561->23563 23564 e39bb4 23561->23564 23562->23564 23608 e36de2 75 API calls 23562->23608 23563->23564 23566 e39ba3 23563->23566 23564->23526 23566->23564 23609 e36de2 75 API calls 23566->23609 23569 e39492 23568->23569 23574 e394a3 23568->23574 23570 e394a5 23569->23570 23571 e3949e 23569->23571 23569->23574 23615 e394da 23570->23615 23610 e39621 23571->23610 23574->23436 23578 e39990 23575->23578 23577 e399f1 23577->23526 23578->23577 23579 e399f3 23578->23579 23580 e399e3 23578->23580 23630 e3964a 23578->23630 23579->23577 23582 e3964a 5 API calls 23579->23582 23642 e36da8 75 API calls 23580->23642 23582->23579 23647 e39903 23583->23647 23586 e39a77 23586->23526 23588->23542 23589->23538 23590->23537 23591->23529 23592->23542 23593->23542 23594->23534 23596 e3b339 23595->23596 23604 e3b343 23596->23604 23605 e3b4c6 CharUpperW 23596->23605 23598 e3b352 23606 e3b4f2 CharUpperW 23598->23606 23600 e3b361 23601 e3b365 23600->23601 23602 e3b3dc GetCurrentDirectoryW 23600->23602 23607 e3b4c6 CharUpperW 23601->23607 23602->23604 23604->23554 23605->23598 23606->23600 23607->23604 23608->23561 23609->23564 23611 e3962a 23610->23611 23612 e3962e 23610->23612 23611->23574 23612->23611 23621 e39e18 23612->23621 23616 e394e6 23615->23616 23617 e39504 23615->23617 23616->23617 23619 e394f2 CloseHandle 23616->23619 23618 e39523 23617->23618 23629 e36c7b 74 API calls 23617->23629 23618->23574 23619->23617 23622 e4d940 23621->23622 23623 e39e25 DeleteFileW 23622->23623 23624 e39648 23623->23624 23625 e39e38 23623->23625 23624->23574 23626 e3b32c 2 API calls 23625->23626 23627 e39e4c 23626->23627 23627->23624 23628 e39e50 DeleteFileW 23627->23628 23628->23624 23629->23618 23631 e39663 ReadFile 23630->23631 23632 e39658 GetStdHandle 23630->23632 23633 e3969c 23631->23633 23634 e3967c 23631->23634 23632->23631 23633->23578 23643 e39745 23634->23643 23636 e39683 23637 e396b3 23636->23637 23638 e396a4 GetLastError 23636->23638 23641 e39691 23636->23641 23637->23633 
23640 e396c3 GetLastError 23637->23640 23638->23633 23638->23637 23639 e3964a GetFileType 23639->23633 23640->23633 23640->23641 23641->23639 23642->23577 23644 e3974b 23643->23644 23645 e3974e GetFileType 23643->23645 23644->23636 23646 e3975c 23645->23646 23646->23636 23648 e3996e 23647->23648 23651 e3990f 23647->23651 23648->23586 23652 e36de2 75 API calls 23648->23652 23649 e39946 SetFilePointer 23649->23648 23650 e39964 GetLastError 23649->23650 23650->23648 23651->23649 23652->23586 23656 e4d831 new 23653->23656 23654 e4841b 23654->23127 23656->23654 23659 e56763 7 API calls 2 library calls 23656->23659 23660 e4e2bb RaiseException Concurrency::cancel_current_task new 23656->23660 23661 e4e29e RaiseException Concurrency::cancel_current_task 23656->23661 23659->23656 23663 e4143f 23662->23663 23664 e41472 CompareStringW 23663->23664 23664->23446 23665->23448 23667 e569e6 _abort 23666->23667 23668 e56b34 _abort GetModuleHandleW 23667->23668 23676 e569fe 23667->23676 23670 e569f2 23668->23670 23670->23676 23700 e56b78 GetModuleHandleExW 23670->23700 23671 e56a06 23675 e56a7b 23671->23675 23685 e56aa4 23671->23685 23708 e574e0 20 API calls _abort 23671->23708 23679 e56a93 23675->23679 23684 e57769 _abort 5 API calls 23675->23684 23688 e59931 EnterCriticalSection 23676->23688 23677 e56ac1 23692 e56af3 23677->23692 23678 e56aed 23709 e60ec9 5 API calls ___delayLoadHelper2@8 23678->23709 23680 e57769 _abort 5 API calls 23679->23680 23680->23685 23684->23679 23689 e56ae4 23685->23689 23688->23671 23710 e59979 LeaveCriticalSection 23689->23710 23691 e56abd 23691->23677 23691->23678 23711 e59d6e 23692->23711 23695 e56b21 23698 e56b78 _abort 8 API calls 23695->23698 23696 e56b01 GetPEB 23696->23695 23697 e56b11 GetCurrentProcess TerminateProcess 23696->23697 23697->23695 23699 e56b29 ExitProcess 23698->23699 23701 e56bc5 23700->23701 23702 e56ba2 GetProcAddress 23700->23702 23703 e56bd4 23701->23703 23704 e56bcb FreeLibrary 23701->23704 23707 e56bb7 23702->23707 23705 
e4e203 ___delayLoadHelper2@8 5 API calls 23703->23705 23704->23703 23706 e56bde 23705->23706 23706->23676 23707->23701 23708->23675 23710->23691 23712 e59d93 23711->23712 23713 e59d89 23711->23713 23714 e59990 _abort 5 API calls 23712->23714 23715 e4e203 ___delayLoadHelper2@8 5 API calls 23713->23715 23714->23713 23716 e56afd 23715->23716 23716->23695 23716->23696 24691 e4589e 123 API calls __vswprintf_c_l 24756 e3169e 84 API calls 24757 e5de64 51 API calls 24783 e56f6d 55 API calls _free 24760 e4ce71 19 API calls ___delayLoadHelper2@8 24695 e56c73 52 API calls 2 library calls 24696 e4e07f 27 API calls pre_c_initialization 24786 e4877b 6 API calls 24788 e35f46 80 API calls 22901 e4cb57 22902 e4cb64 22901->22902 22909 e3da42 22902->22909 22920 e3da70 22909->22920 22912 e33e41 22943 e33e14 22912->22943 22915 e4a388 PeekMessageW 22916 e4a3a3 GetMessageW 22915->22916 22917 e4a3dc 22915->22917 22918 e4a3c8 TranslateMessage DispatchMessageW 22916->22918 22919 e4a3b9 IsDialogMessageW 22916->22919 22918->22917 22919->22917 22919->22918 22926 e3cf19 22920->22926 22923 e3da93 LoadStringW 22924 e3da6d 22923->22924 22925 e3daaa LoadStringW 22923->22925 22924->22912 22925->22924 22931 e3ce52 22926->22931 22928 e3cf36 22930 e3cf4b 22928->22930 22939 e3cf57 26 API calls 22928->22939 22930->22923 22930->22924 22932 e3ce6d 22931->22932 22938 e3ce66 _strncpy 22931->22938 22934 e3ce91 22932->22934 22940 e411fa WideCharToMultiByte 22932->22940 22937 e3cec2 22934->22937 22941 e3d9dc 50 API calls __vsnprintf 22934->22941 22942 e54e71 26 API calls 3 library calls 22937->22942 22938->22928 22939->22930 22940->22934 22941->22937 22942->22938 22944 e33e2b ___scrt_initialize_default_local_stdio_options 22943->22944 22947 e54cf4 22944->22947 22950 e52db7 22947->22950 22951 e52df7 22950->22951 22952 e52ddf 22950->22952 22951->22952 22953 e52dff 22951->22953 22967 e57ecc 20 API calls _abort 22952->22967 22969 e53356 22953->22969 22956 e52de4 22968 e57dab 26 API calls _abort 22956->22968 22960 
e4e203 ___delayLoadHelper2@8 5 API calls 22962 e33e35 SetDlgItemTextW 22960->22962 22961 e52e87 22978 e53706 51 API calls 4 library calls 22961->22978 22962->22915 22965 e52e92 22979 e533d9 20 API calls _free 22965->22979 22966 e52def 22966->22960 22967->22956 22968->22966 22970 e53373 22969->22970 22971 e52e0f 22969->22971 22970->22971 22980 e58516 GetLastError 22970->22980 22977 e53321 20 API calls 2 library calls 22971->22977 22973 e53394 23001 e58665 38 API calls __cftof 22973->23001 22975 e533ad 23002 e58692 38 API calls __cftof 22975->23002 22977->22961 22978->22965 22979->22966 22981 e5852c 22980->22981 22982 e58538 22980->22982 23003 e59b53 11 API calls 2 library calls 22981->23003 23004 e57b1b 20 API calls 3 library calls 22982->23004 22985 e58544 22992 e5854c 22985->22992 23011 e59ba9 11 API calls 2 library calls 22985->23011 22986 e58532 22986->22982 22987 e58581 SetLastError 22986->22987 22987->22973 22990 e58561 22990->22992 22993 e58568 22990->22993 22991 e58552 22994 e5858d SetLastError 22991->22994 23005 e57a50 22992->23005 23012 e58388 20 API calls _abort 22993->23012 23013 e57ad8 38 API calls _abort 22994->23013 22997 e58573 22999 e57a50 _free 20 API calls 22997->22999 23000 e5857a 22999->23000 23000->22987 23000->22994 23001->22975 23002->22971 23003->22986 23004->22985 23006 e57a84 _free 23005->23006 23007 e57a5b RtlFreeHeap 23005->23007 23006->22991 23007->23006 23008 e57a70 23007->23008 23014 e57ecc 20 API calls _abort 23008->23014 23010 e57a76 GetLastError 23010->23006 23011->22990 23012->22997 23014->23010 24698 e31050 82 API calls pre_c_initialization 24791 e5ab56 GetCommandLineA GetCommandLineW 24723 e4b51b 109 API calls 4 library calls 24762 e31e54 128 API calls __EH_prolog 24631 e4bb5b 24632 e4bb64 GetTempPathW 24631->24632 24647 e4b51b _wcsrchr 24631->24647 24633 e4bb84 24632->24633 24635 e33e41 _swprintf 51 API calls 24633->24635 24637 e39e6b 4 API calls 24633->24637 24638 e4bbbb SetDlgItemTextW 24633->24638 24635->24633 24636 e4c0c4 
24637->24633 24642 e4bbd9 _wcschr 24638->24642 24638->24647 24640 e4b808 SetWindowTextW 24640->24647 24644 e4bcc5 EndDialog 24642->24644 24642->24647 24644->24647 24645 e52b5e 22 API calls 24645->24647 24647->24636 24647->24640 24647->24645 24660 e4b5ec ___scrt_fastfail 24647->24660 24662 e41410 CompareStringW 24647->24662 24663 e495f8 GetCurrentDirectoryW 24647->24663 24664 e3a215 7 API calls 24647->24664 24667 e3a19e FindClose 24647->24667 24668 e4a2ae 76 API calls new 24647->24668 24669 e4a156 ExpandEnvironmentStringsW 24647->24669 24648 e4b5f9 SetFileAttributesW 24650 e4b6b4 GetFileAttributesW 24648->24650 24648->24660 24652 e4b6c2 DeleteFileW 24650->24652 24650->24660 24652->24660 24653 e4b9d2 GetDlgItem SetWindowTextW SendMessageW 24653->24660 24655 e33e41 _swprintf 51 API calls 24657 e4b6f7 GetFileAttributesW 24655->24657 24656 e4ba14 SendMessageW 24656->24647 24658 e4b708 MoveFileW 24657->24658 24657->24660 24659 e4b720 MoveFileExW 24658->24659 24658->24660 24659->24660 24660->24647 24660->24648 24660->24653 24660->24655 24660->24656 24661 e4b690 SHFileOperationW 24660->24661 24665 e3b1b7 52 API calls 2 library calls 24660->24665 24666 e3a215 7 API calls 24660->24666 24661->24650 24662->24647 24663->24647 24664->24647 24665->24660 24666->24660 24667->24647 24668->24647 24669->24647 24763 e4b51b 99 API calls 3 library calls 24765 e4162f 26 API calls std::bad_exception::bad_exception 24728 e5a128 6 API calls ___delayLoadHelper2@8 24729 e49135 10 API calls 24766 e4f230 51 API calls 2 library calls 24530 e39c34 24531 e39c47 24530->24531 24536 e39c40 24530->24536 24532 e39c4d GetStdHandle 24531->24532 24540 e39c58 24531->24540 24532->24540 24533 e39cad WriteFile 24533->24540 24534 e39c78 24535 e39c7d WriteFile 24534->24535 24534->24540 24535->24534 24535->24540 24538 e39d20 24542 e36e9b 75 API calls 24538->24542 24540->24533 24540->24534 24540->24535 24540->24536 24540->24538 24541 e36c55 60 API calls 24540->24541 24541->24540 24542->24536 24545 e4d23e 24546 
e4d20f 24545->24546 24547 e4d53a ___delayLoadHelper2@8 19 API calls 24546->24547 24547->24546 24704 e49404 GdipCloneImage GdipAlloc 22810 e4d200 22812 e4d1ae 22810->22812 22813 e4d53a 22812->22813 22841 e4d248 22813->22841 22815 e4d554 22816 e4d5b1 22815->22816 22828 e4d5d5 22815->22828 22852 e4d4b8 11 API calls 3 library calls 22816->22852 22818 e4d5bc RaiseException 22834 e4d7aa 22818->22834 22819 e4d6c0 22825 e4d77c 22819->22825 22827 e4d71e GetProcAddress 22819->22827 22821 e4d64d LoadLibraryExA 22823 e4d660 GetLastError 22821->22823 22824 e4d6ae 22821->22824 22822 e4d7b9 22822->22812 22826 e4d689 22823->22826 22838 e4d673 22823->22838 22824->22819 22829 e4d6b9 FreeLibrary 22824->22829 22855 e4d4b8 11 API calls 3 library calls 22825->22855 22853 e4d4b8 11 API calls 3 library calls 22826->22853 22827->22825 22831 e4d72e GetLastError 22827->22831 22828->22819 22828->22821 22828->22824 22828->22825 22829->22819 22836 e4d741 22831->22836 22833 e4d694 RaiseException 22833->22834 22856 e4e203 22834->22856 22836->22825 22854 e4d4b8 11 API calls 3 library calls 22836->22854 22837 e4d762 RaiseException 22839 e4d248 ___delayLoadHelper2@8 11 API calls 22837->22839 22838->22824 22838->22826 22840 e4d779 22839->22840 22840->22825 22842 e4d254 22841->22842 22843 e4d27a 22841->22843 22863 e4d2f6 8 API calls 2 library calls 22842->22863 22843->22815 22845 e4d259 22846 e4d275 22845->22846 22864 e4d448 VirtualQuery GetSystemInfo VirtualProtect DloadObtainSection DloadMakePermanentImageCommit 22845->22864 22865 e4d27b GetModuleHandleW GetProcAddress GetProcAddress 22846->22865 22849 e4e203 ___delayLoadHelper2@8 5 API calls 22850 e4d536 22849->22850 22850->22815 22851 e4d505 22851->22849 22852->22818 22853->22833 22854->22837 22855->22834 22857 e4e20c 22856->22857 22858 e4e20e IsProcessorFeaturePresent 22856->22858 22857->22822 22860 e4e837 22858->22860 22866 e4e7fb SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 22860->22866 22862 e4e91a 
22862->22822 22863->22845 22864->22846 22865->22851 22866->22862 24706 e5940d 21 API calls 24799 e3e708 FreeLibrary 24768 e37a13 GetCurrentProcess GetLastError CloseHandle 24800 e50b10 RaiseException 24734 e5191d 48 API calls 24548 e5861f 24556 e59aa7 24548->24556 24551 e58633 24553 e5863b 24554 e58648 24553->24554 24564 e5864b 11 API calls 24553->24564 24557 e59990 _abort 5 API calls 24556->24557 24558 e59ace 24557->24558 24559 e59ae6 TlsAlloc 24558->24559 24560 e59ad7 24558->24560 24559->24560 24561 e4e203 ___delayLoadHelper2@8 5 API calls 24560->24561 24562 e58629 24561->24562 24562->24551 24563 e5859a 20 API calls 2 library calls 24562->24563 24563->24553 24564->24551 24707 e31019 29 API calls pre_c_initialization 24735 e54d18 QueryPerformanceFrequency QueryPerformanceCounter

Control-flow Graph

APIs
  • Part of subcall function 00E3FD49: GetModuleHandleW.KERNEL32 ref: 00E3FD61
  • Part of subcall function 00E3FD49: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00E3FD79
  • Part of subcall function 00E3FD49: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E3FD9C
  • Part of subcall function 00E495F8: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00E49600
  • Part of subcall function 00E49AA0: OleInitialize.OLE32(00000000), ref: 00E49AB9
  • Part of subcall function 00E49AA0: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00E49AF0
  • Part of subcall function 00E49AA0: SHGetMalloc.SHELL32(00E775C0), ref: 00E49AFA
  • Part of subcall function 00E41017: GetCPInfo.KERNEL32(00000000,?), ref: 00E41028
  • Part of subcall function 00E41017: IsDBCSLeadByte.KERNEL32(00000000), ref: 00E4103C
• GetCommandLineW.KERNEL32 ref: 00E4CC00
                                                                                                                                                                                                                  • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00E4CC27
                                                                                                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00E4CC38
                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 00E4CC72
                                                                                                                                                                                                                    • Part of subcall function 00E4C891: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00E4C8A7
                                                                                                                                                                                                                    • Part of subcall function 00E4C891: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00E4C8E3
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00E4CC7B
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe,00000800), ref: 00E4CC96
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxname,C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe), ref: 00E4CCA8
                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00E4CCAF
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4CCEE
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00E4CD00
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00E4CD03
                                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00000064), ref: 00E4CD1A
                                                                                                                                                                                                                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001A5D1,00000000), ref: 00E4CD6B
                                                                                                                                                                                                                  • Sleep.KERNEL32(?), ref: 00E4CD99
                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00E4CDD8
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00E4CDE4
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00E4CE23
                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp\IXP000.TMP$C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe$STARTDLG$ps$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                                                                                  • API String ID: 788466649-211838791
                                                                                                                                                                                                                  • Opcode ID: 705fa5b95bce348b97619d65c32f127ccd5ff00f3c6c9a2c672e14642d062876
                                                                                                                                                                                                                  • Instruction ID: 8f69b0fd97c8af55b241164eb1502abcc602f7b51fa2c2bff3b51dad21d03eac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 705fa5b95bce348b97619d65c32f127ccd5ff00f3c6c9a2c672e14642d062876
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0361F671909301AFD750EB72FC49F2B7BE8AB49744F102429FA4AB7191DBB49C48C7A1

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 611 e4963a-e49655 FindResourceW 612 e49730-e49732 611->612 613 e4965b-e4966d SizeofResource 611->613 614 e4968d-e4968f 613->614 615 e4966f-e4967e LoadResource 613->615 617 e4972f 614->617 615->614 616 e49680-e4968b LockResource 615->616 616->614 618 e49694-e496a9 GlobalAlloc 616->618 617->612 619 e49729-e4972e 618->619 620 e496ab-e496b4 GlobalLock 618->620 619->617 621 e496b6-e496d4 call e4ea80 CreateStreamOnHGlobal 620->621 622 e49722-e49723 GlobalFree 620->622 625 e496d6-e496ee call e495cf 621->625 626 e4971b-e4971c GlobalUnlock 621->626 622->619 625->626 630 e496f0-e496f8 625->630 626->622 631 e49713-e49717 630->631 632 e496fa-e4970e GdipCreateHBITMAPFromBitmap 630->632 631->626 632->631 633 e49710 632->633 633->631
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00000066,PNG,?,?,00E4A54A,00000066), ref: 00E4964B
                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,75295780,?,?,00E4A54A,00000066), ref: 00E49663
                                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,?,?,00E4A54A,00000066), ref: 00E49676
                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,00E4A54A,00000066), ref: 00E49681
                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,00E4A54A,00000066), ref: 00E4969F
                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00E496AC
                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00E496CC
                                                                                                                                                                                                                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00E49707
                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00E4971C
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00E49723
                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                                                                                                                                                                                                                  • String ID: PNG
                                                                                                                                                                                                                  • API String ID: 3656887471-364855578
                                                                                                                                                                                                                  • Opcode ID: 75352094f8cbd16b69f92fde76a6cecf3bf752a4b6ab89f246452131c0dea185
                                                                                                                                                                                                                  • Instruction ID: 2a03d5dc8c801c508aa062bf6ab57ba2ea244babd0c04aacab07c75acfe1e97e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75352094f8cbd16b69f92fde76a6cecf3bf752a4b6ab89f246452131c0dea185
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0421B131615602AFC3219F22FC88E2B7BA8FF45794B05052DFA46F2261DB71DC04DBA1

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 994 e3a2df-e3a305 call e4d940 997 e3a307-e3a31a FindFirstFileW 994->997 998 e3a379-e3a382 FindNextFileW 994->998 1001 e3a3a0-e3a449 call e3fab1 call e3b9b9 call e40a81 * 3 997->1001 1002 e3a320-e3a33b call e3b32c 997->1002 999 e3a384-e3a392 GetLastError 998->999 1000 e3a398-e3a39a 998->1000 999->1000 1000->1001 1003 e3a44e-e3a461 1000->1003 1001->1003 1009 e3a352-e3a35b GetLastError 1002->1009 1010 e3a33d-e3a350 FindFirstFileW 1002->1010 1012 e3a35d-e3a360 1009->1012 1013 e3a36c 1009->1013 1010->1001 1010->1009 1012->1013 1015 e3a362-e3a365 1012->1015 1016 e3a36e-e3a374 1013->1016 1015->1013 1018 e3a367-e3a36a 1015->1018 1016->1003 1018->1016
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00E3A1DA,000000FF,?,?), ref: 00E3A314
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00E3A1DA,000000FF,?,?), ref: 00E3A34A
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00E3A1DA,000000FF,?,?), ref: 00E3A352
                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,00E3A1DA,000000FF,?,?), ref: 00E3A37A
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00E3A1DA,000000FF,?,?), ref: 00E3A386
Memory Dump Source
• Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFind$ErrorFirstLast$Next
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 869497890-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,00E56AC9,?,00E6A800,0000000C,00E56C20,?,00000002,00000000), ref: 00E56B14
                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00E56AC9,?,00E6A800,0000000C,00E56C20,?,00000002,00000000), ref: 00E56B1B
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00E56B2D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog_memcmp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3004599000-0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E4A5D6
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prologItemTextWindow
                                                                                                                                                                                                                  • String ID: "%s"%s$,>$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\AppData\Local\Temp\IXP000.TMP$C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                                                                                                  • API String ID: 810644672-1970706783

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32 ref: 00E3FD61
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00E3FD79
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E3FD9C
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E40047
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00E4005F
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00E40071
                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00007FFE,00E628D4,00000000), ref: 00E40090
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00E400E8
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E400FE
                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001, ),?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00E40158
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,(,00000800,?,00000000,?,00000800), ref: 00E40181
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00E629AC,00000800), ref: 00E401BA
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E3FD18
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E3E7F6,Crypt32.dll,?,00E3E878,?,00E3E85C,?,?,?,?), ref: 00E3FD3A
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4022A
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E40276
                                                                                                                                                                                                                    • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
                                                                                                                                                                                                                  • AllocConsole.KERNEL32 ref: 00E4027E
                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00E40288
                                                                                                                                                                                                                  • AttachConsole.KERNEL32(00000000), ref: 00E4028F
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00E402B5
                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000), ref: 00E402BC
                                                                                                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 00E402C7
                                                                                                                                                                                                                  • FreeConsole.KERNEL32 ref: 00E402CD
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00E402D5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                                                                                                                                                  • String ID: )$ *$$+$(,$(-$(.$4*$8)$<+$@,$@-$@.$DXGIDebug.dll$L*$P)$P,$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$X+$X-$`.$d*$dwmapi.dll$h)$kernel32$l,$p+$p-$t*$t.$uxtheme.dll$($+$,
                                                                                                                                                                                                                  • API String ID: 1201351596-4000381438
                                                                                                                                                                                                                  • Opcode ID: 526490556a3ab61b72cc23e91a94a2dce48aa7ddd85de7633d5e0fec7f461b39
                                                                                                                                                                                                                  • Instruction ID: b68b497339c9bd6c071d3b12fa74dadc101aa016611f123cf26f1a6ed71f5cbb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 526490556a3ab61b72cc23e91a94a2dce48aa7ddd85de7633d5e0fec7f461b39
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBD173B15887849FD735DF50E84AB9FBBE8AFC4384F50692DE784B6190C7B08548CB52

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E3CFD9
                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00E3CFFA
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E3D015
                                                                                                                                                                                                                  • __fprintf_l.LIBCMT ref: 00E3D4FB
                                                                                                                                                                                                                    • Part of subcall function 00E40FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E3B312,00000000,?,?,?,00030442), ref: 00E40FFA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                                                                                                                                  • String ID: $ ,$$%s:$(&$*messages***$*messages***$8&$@%s:$H&$R$RTL$T&$a
                                                                                                                                                                                                                  • API String ID: 4184910265-433054625
                                                                                                                                                                                                                  • Opcode ID: a860a2f5a29ff59cc3de0f6b4d3d677fb9b8a15f238b2912da0bcf37cf7be092
                                                                                                                                                                                                                  • Instruction ID: d674d1395225400106d411f9a33745a7706aa66c722d8a1901d6b2c82e2b1d9e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a860a2f5a29ff59cc3de0f6b4d3d677fb9b8a15f238b2912da0bcf37cf7be092
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0912F371A043089BDF24EF64EC4AAED3BB9EF40344F50252AF919B7291EB71D984CB50

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E4A399
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E4A3AA
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: IsDialogMessageW.USER32(00030442,?), ref: 00E4A3BE
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: TranslateMessage.USER32(?), ref: 00E4A3CC
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: DispatchMessageW.USER32(?), ref: 00E4A3D6
                                                                                                                                                                                                                  • GetDlgItem.USER32(00000068,00E8DE38), ref: 00E4C1A4
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,00E49D8F), ref: 00E4C1CF
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00E4C1DE
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,00E622E4), ref: 00E4C1E8
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E4C1FE
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00E4C214
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E4C254
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00E4C25E
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E4C26D
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E4C290
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,00E6304C), ref: 00E4C29B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                                                                                  • String ID: \

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(000001C0), ref: 00E4C55F
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00E4C598
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?), ref: 00E4C5A4
                                                                                                                                                                                                                  • WaitForInputIdle.USER32(?,000007D0), ref: 00E4C5B1
                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00E4C5DC
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E4C602
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 00E4C691
                                                                                                                                                                                                                    • Part of subcall function 00E41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00E3ACFE,?,?,?,00E3ACAD,?,-00000002,?,00000000,?), ref: 00E41426
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Show$CloseCodeCompareExecuteExitHandleIdleInputProcessShellStringVisibleWait
                                                                                                                                                                                                                  • String ID: $.exe$.inf

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000800,?), ref: 00E4BB71
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4BBA5
                                                                                                                                                                                                                    • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,00E785FA), ref: 00E4BBC5
                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00E4BBF8
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00E4BCD9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                                                                                                                                                                                  • String ID: %s%s%u

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E5451B,00E5451B,?,?,?,00E597F6,00000001,00000001,?), ref: 00E595FF
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E597F6,00000001,00000001,?,?,?,?), ref: 00E59685
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E5977F
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00E5978C
                                                                                                                                                                                                                    • Part of subcall function 00E57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E52FA6,?,0000015D,?,?,?,?,00E54482,000000FF,00000000,?,?), ref: 00E57ABC
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00E59795
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00E597BA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1414292761-0

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E3FD18
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E3E7F6,Crypt32.dll,?,00E3E878,?,00E3E85C,?,?,?,?), ref: 00E3FD3A
                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00E49AB9
                                                                                                                                                                                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00E49AF0
                                                                                                                                                                                                                  • SHGetMalloc.SHELL32(00E775C0), ref: 00E49AFA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                                                                                                  • String ID: riched20.dll$3Ro
                                                                                                                                                                                                                  • API String ID: 3498096277-3613677438

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 964 e39768-e39789 call e4d940 967 e39794 964->967 968 e3978b-e3978e 964->968 970 e39796-e397b3 967->970 968->967 969 e39790-e39792 968->969 969->970 971 e397b5 970->971 972 e397bb-e397c5 970->972 971->972 973 e397c7 972->973 974 e397ca-e397e9 call e36ef9 972->974 973->974 977 e397f1-e3980f CreateFileW 974->977 978 e397eb 974->978 979 e39873-e39878 977->979 980 e39811-e39833 GetLastError call e3b32c 977->980 978->977 982 e3987a-e3987d 979->982 983 e39899-e398ad 979->983 989 e39862-e39867 980->989 990 e39835-e39857 CreateFileW GetLastError 980->990 982->983 984 e3987f-e39893 SetFileTime 982->984 985 e398c7-e398d2 983->985 986 e398af-e398c2 call e3fab1 983->986 984->983 986->985 989->979 993 e39869 989->993 991 e39859 990->991 992 e3985d-e39860 990->992 991->992 992->979 992->989 993->979
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,00E376F2,?,00000005,?,00000011), ref: 00E39804
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00E376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E39811
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00E376F2,?,00000005,?), ref: 00E39846
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00E376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E3984E
                                                                                                                                                                                                                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00E376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E39893
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CreateErrorLast$Time
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1999340476-0

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 1022 e4a388-e4a3a1 PeekMessageW 1023 e4a3a3-e4a3b7 GetMessageW 1022->1023 1024 e4a3dc-e4a3e0 1022->1024 1025 e4a3c8-e4a3d6 TranslateMessage DispatchMessageW 1023->1025 1026 e4a3b9-e4a3c6 IsDialogMessageW 1023->1026 1025->1024 1026->1024 1026->1025
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E4A399
                                                                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E4A3AA
                                                                                                                                                                                                                  • IsDialogMessageW.USER32(00030442,?), ref: 00E4A3BE
                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00E4A3CC
                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00E4A3D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1266772231-0

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 1027 e49a32-e49a51 GetClassNameW 1028 e49a53-e49a68 call e41410 1027->1028 1029 e49a79-e49a7b 1027->1029 1034 e49a78 1028->1034 1035 e49a6a-e49a76 FindWindowExW 1028->1035 1030 e49a86-e49a8a 1029->1030 1031 e49a7d-e49a80 SHAutoComplete 1029->1031 1031->1030 1034->1029 1035->1034
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000050), ref: 00E49A49
                                                                                                                                                                                                                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 00E49A80
                                                                                                                                                                                                                    • Part of subcall function 00E41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00E3ACFE,?,?,?,00E3ACAD,?,-00000002,?,00000000,?), ref: 00E41426
                                                                                                                                                                                                                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00E49A70
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                                                                                  • String ID: EDIT
                                                                                                                                                                                                                  • API String ID: 4243998846-3080729518

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00E4C8A7
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00E4C8E3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                                                                                                                  • API String ID: 1431749950-3493335439

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00E3965A
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00E39672
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00E396A4
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00E396C3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2244327787-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00E52E0F,00000000,00000000,?,00E599D3,00E52E0F,00000000,00000000,00000000,?,00E59BD0,00000006,FlsSetValue), ref: 00E59A5E
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00E599D3,00E52E0F,00000000,00000000,00000000,?,00E59BD0,00000006,FlsSetValue,00E66058,00E66060,00000000,00000364,?,00E585E8), ref: 00E59A6A
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E599D3,00E52E0F,00000000,00000000,00000000,?,00E59BD0,00000006,FlsSetValue,00E66058,00E66060,00000000), ref: 00E59A78
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00010000,Function_0001062F,?,00000000,00000000), ref: 00E40519
                                                                                                                                                                                                                  • SetThreadPriority.KERNEL32(?,00000000), ref: 00E40560
                                                                                                                                                                                                                    • Part of subcall function 00E36CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E36CEC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                                                                                                  • String ID: CreateThread failed
                                                                                                                                                                                                                  • API String ID: 2655393344-3849766595
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,00E3C90A,00000001,?,?,?,00000000,00E44AF4,?,?,?,?,?,00E44599), ref: 00E39C4F
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,00E447A1,00000000,?,?,00000000,00E44AF4,?,?,?,?,?,00E44599,?), ref: 00E39C8F
                                                                                                                                                                                                                  • WriteFile.KERNELBASE(?,00000000,?,00E447A1,00000000,?,00000001,?,?,00E3C90A,00000001,?,?,?,00000000,00E44AF4), ref: 00E39CBC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4209713984-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E39F19
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E39F4C
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E39F69
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectory$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2485089472-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00E4C8FC
                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E4C915
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00E4C920
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ObjectSingleWait$MessagePeek
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1965964400-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID: CMT
                                                                                                                                                                                                                  • API String ID: 3519838083-2756464174
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00E5A543
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Info
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1807457897-3916222277
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E31D66
                                                                                                                                                                                                                    • Part of subcall function 00E3399D: __EH_prolog.LIBCMT ref: 00E339A2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID: CMT
                                                                                                                                                                                                                  • API String ID: 3519838083-2756464174
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E41432: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,?,00000000,?,00E3AB7B,?,?,00000000,?,?,?), ref: 00E41484
                                                                                                                                                                                                                    • Part of subcall function 00E49A8D: SetCurrentDirectoryW.KERNELBASE(?,00E49CE4,C:\Users\user\AppData\Local\Temp\IXP000.TMP,00000000,00E785FA,00000006), ref: 00E49A91
                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,00E785FA,00000006), ref: 00E49D36
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\IXP000.TMP, xrefs: 00E49CDA
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CompareCurrentDirectoryFileOperationString
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                                                                                                                                                                                                                  • API String ID: 3543741193-2345502243
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001,?,000000FF), ref: 00E59CD5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: String
                                                                                                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                                                                                                  • API String ID: 2568140703-3893581201
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00E59291), ref: 00E59C4D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • InitializeCriticalSectionEx, xrefs: 00E59C1D
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                  • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Alloc
                                                                                                                                                                                                                  • String ID: FlsAlloc
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • try_get_function.LIBVCRUNTIME ref: 00E5282F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: try_get_function
                                                                                                                                                                                                                  • String ID: FlsAlloc
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D7EC
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID: 3Ro
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E5A446: GetOEMCP.KERNEL32(00000000,?,?,00E5A6CF,?), ref: 00E5A471
                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00E5A714,?,00000000), ref: 00E5A8E7
                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,00E5A714,?,?,?,00E5A714,?,00000000), ref: 00E5A8FA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E31382
                                                                                                                                                                                                                    • Part of subcall function 00E35E99: __EH_prolog.LIBCMT ref: 00E35E9E
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: __EH_prolog.LIBCMT ref: 00E3C4CF
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: new.LIBCMT ref: 00E3C512
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: new.LIBCMT ref: 00E3C536
                                                                                                                                                                                                                  • new.LIBCMT ref: 00E313FA
                                                                                                                                                                                                                    • Part of subcall function 00E3AD1B: __EH_prolog.LIBCMT ref: 00E3AD20
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: a50eca57e8414db74d2d5c63bdbb6e1a23a4eeeb890c335f5c505496095c7595
                                                                                                                                                                                                                  • Instruction ID: c936fe7b3966141f9cd4670a26e4cffaf618753d2b4a54c54d2b11704ef09dc8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a50eca57e8414db74d2d5c63bdbb6e1a23a4eeeb890c335f5c505496095c7595
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 474125B0905B409ED724CF7988899E6FBF5FF18300F505A6ED5EE93282CB326554CB11
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E31382
                                                                                                                                                                                                                    • Part of subcall function 00E35E99: __EH_prolog.LIBCMT ref: 00E35E9E
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: __EH_prolog.LIBCMT ref: 00E3C4CF
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: new.LIBCMT ref: 00E3C512
                                                                                                                                                                                                                    • Part of subcall function 00E3C4CA: new.LIBCMT ref: 00E3C536
                                                                                                                                                                                                                  • new.LIBCMT ref: 00E313FA
                                                                                                                                                                                                                    • Part of subcall function 00E3AD1B: __EH_prolog.LIBCMT ref: 00E3AD20
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: a11694a05a4988b674ee69b66df45fba37d3b462e7f8b2eb8003d8d7ac0a8513
                                                                                                                                                                                                                  • Instruction ID: 98524690e4ba4308c5b12f53196bcbb344a2fe3a477766446ea8aaa8430a6434
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a11694a05a4988b674ee69b66df45fba37d3b462e7f8b2eb8003d8d7ac0a8513
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 994137B0905B409ED724DF798889AE6FBE5FF18300F505A6ED5FE93282CB326554CB11
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E58516: GetLastError.KERNEL32(?,00E700E0,00E53394,00E700E0,?,?,00E52E0F,?,?,00E700E0), ref: 00E5851A
                                                                                                                                                                                                                    • Part of subcall function 00E58516: _free.LIBCMT ref: 00E5854D
                                                                                                                                                                                                                    • Part of subcall function 00E58516: SetLastError.KERNEL32(00000000,?,00E700E0), ref: 00E5858E
                                                                                                                                                                                                                    • Part of subcall function 00E58516: _abort.LIBCMT ref: 00E58594
                                                                                                                                                                                                                    • Part of subcall function 00E5A7D1: _abort.LIBCMT ref: 00E5A803
                                                                                                                                                                                                                    • Part of subcall function 00E5A7D1: _free.LIBCMT ref: 00E5A837
                                                                                                                                                                                                                    • Part of subcall function 00E5A446: GetOEMCP.KERNEL32(00000000,?,?,00E5A6CF,?), ref: 00E5A471
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5A72A
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5A760
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorLast_abort
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2991157371-0
                                                                                                                                                                                                                  • Opcode ID: 3a9d009be85701fe929d0bde54b1134d6166339a93f90b4d898feb1c2f84ae4e
                                                                                                                                                                                                                  • Instruction ID: 24f272da09b763035acc609ec80e009c473909482ecab6c8270157183016a21c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a9d009be85701fe929d0bde54b1134d6166339a93f90b4d898feb1c2f84ae4e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D314C31D04104AFCB10EF69E841BAD77F1DF44366F2956AAEC047B291EB715D48CB01
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00E39BF3,?,?,00E376AC), ref: 00E395B0
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00E39BF3,?,?,00E376AC), ref: 00E395E5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                  • Opcode ID: ab07f5cb5cc30b7afeba91938688944f917db443d4054739c9ef48eb72da5669
                                                                                                                                                                                                                  • Instruction ID: 1e4e360269e2d9ed63e2d772cf3a5869bca74dd8e92bf3bfd514cc7d6a64011b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab07f5cb5cc30b7afeba91938688944f917db443d4054739c9ef48eb72da5669
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2421E6B1504748BFE7318F15DC49BA77BE8EB45368F00591DF5D6A21D2C3B4AC88CA61
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,?,00E3738C,?,?,?), ref: 00E39A98
                                                                                                                                                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 00E39B48
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1392018926-0
                                                                                                                                                                                                                  • Opcode ID: d33691161048be3d3c6bb4ef293f4838b9598891f674cf32a555d6030597fa93
                                                                                                                                                                                                                  • Instruction ID: c2fc5eb85f3af5402e6e49e236f22d74d3fcf37be942dc363f475fd7a119cc77
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d33691161048be3d3c6bb4ef293f4838b9598891f674cf32a555d6030597fa93
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D21D331648285AFC714DE24D999AABBFE4AF95308F042A2CB881D7142D7A5ED0CD7A1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00E599F0
                                                                                                                                                                                                                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E599FD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2279764990-0
                                                                                                                                                                                                                  • Opcode ID: 70c8751025b879da9c11cafb089b5f89d94e3627f62113ff05a7d50de1e00e1b
                                                                                                                                                                                                                  • Instruction ID: 225c4b68b0a42e321c777095cf07ea6b3cb451ef91fb5f9e8e44f3bb477a2d94
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70c8751025b879da9c11cafb089b5f89d94e3627f62113ff05a7d50de1e00e1b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C110633B00561DF9F22DE29EC408DB7395AB813657166A24FD18FB296D730EC09C6E1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00E39B8D
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00E39B99
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                  • Opcode ID: 4e902ede5c4f6703b46fa1de7e98bb1d4431fb7d2511917646e97bfa6832f9a9
                                                                                                                                                                                                                  • Instruction ID: 78e17ece5d0a255a238b64876dc64be352778c3480f83e9c2b4ceee86630f584
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e902ede5c4f6703b46fa1de7e98bb1d4431fb7d2511917646e97bfa6832f9a9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD0192713002006FE7349E29EC8C76BBADAAB84318F14853EB142E36C1CBB5D808C625
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 00E39957
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00E39964
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                  • Opcode ID: c7bc7032d441ed8a6ed852944c501965e5a97e42726f178907304782bbe88891
                                                                                                                                                                                                                  • Instruction ID: 5fd0f394e7ecef745cd5a073a14dd650ca17672e60a3d489491ad8175ee98871
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7bc7032d441ed8a6ed852944c501965e5a97e42726f178907304782bbe88891
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D601B5322001059B8B18DE2A9D8C7BF7F59AFC1334F05521DE926AB253DBB1DC15D660
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E57B99
                                                                                                                                                                                                                    • Part of subcall function 00E57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E52FA6,?,0000015D,?,?,?,?,00E54482,000000FF,00000000,?,?), ref: 00E57ABC
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00E700E0,00E3CB18,?,?,?,?,?,?), ref: 00E57BD5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocate_free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2447670028-0
                                                                                                                                                                                                                  • Opcode ID: 56e4a16a475f6d7e3ebf9610fab25dbb2d9c628040326a2c5185c2de73ab86d5
                                                                                                                                                                                                                  • Instruction ID: 6c1ecb55f745e2088c0ab99d801090587394e97f37f4b9739f05612ad92ae6eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56e4a16a475f6d7e3ebf9610fab25dbb2d9c628040326a2c5185c2de73ab86d5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EF0C2326081056ECB613A22BC05F6F3B9A9F817B7B152956FCD8BA090DB30DC2881A1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 00E40581
                                                                                                                                                                                                                  • GetProcessAffinityMask.KERNEL32(00000000), ref: 00E40588
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1231390398-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E39F65,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E3A143
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E39F65,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E3A174
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemText_swprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3011073432-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,00E39648,?,?,00E394A3), ref: 00E39E29
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00E39648,?,?,00E394A3), ref: 00E39E57
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeleteFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4033686569-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00E39E74,?,00E374F7,?,?,?,?), ref: 00E39E90
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00E39E74,?,00E374F7,?,?,?,?), ref: 00E39EBC
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E3FD18
                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E3E7F6,Crypt32.dll,?,00E3E878,?,00E3E85C,?,?,?,?), ref: 00E3FD3A
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1175261203-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00E493AF
                                                                                                                                                                                                                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00E493B6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: BitmapCreateFromGdipStream
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1918208029-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GdiplusShutdown.GDIPLUS(?,?,?,00E61161,000000FF), ref: 00E49B31
                                                                                                                                                                                                                  • CoUninitialize.COMBASE(?,?,?,00E61161,000000FF), ref: 00E49B36
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: GdiplusShutdownUninitialize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3856339756-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E5281A: try_get_function.LIBVCRUNTIME ref: 00E5282F
                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E51744
                                                                                                                                                                                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00E5174F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 806969131-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemShowWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3351165006-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00E312A2
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00E312A9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherItemUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4250310104-0
                                                                                                                                                                                                                  • Opcode ID: 2f85b8b4a65bd0e58ca72956c4d8d26e3ce3db2d1ecbb22fa8c839a32b57c919
                                                                                                                                                                                                                  • Instruction ID: 87526e805bc9bb233c986be7b85874cb084a559e367ed64ec4c654a9441dc880
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f85b8b4a65bd0e58ca72956c4d8d26e3ce3db2d1ecbb22fa8c839a32b57c919
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49C04C76A0C240BFCB015BA2AC08D2FBFA9AB98352F44C809F1A690124C7758514DB11
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: a765c4c6d14afc2c65a5fcb735914b123b7549702657e5ac6478fbeb19566bf6
                                                                                                                                                                                                                  • Instruction ID: ff09213e82bd65f1668a863b6c73865fb1dbfebe310a294766b89fcd27a4ac5e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a765c4c6d14afc2c65a5fcb735914b123b7549702657e5ac6478fbeb19566bf6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93B1C070A04646AFEB19CF78C48CBB9FFE5BF05308F14629DE455A3281DB21A964CB91
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E381C9
                                                                                                                                                                                                                    • Part of subcall function 00E3137D: __EH_prolog.LIBCMT ref: 00E31382
                                                                                                                                                                                                                    • Part of subcall function 00E3137D: new.LIBCMT ref: 00E313FA
                                                                                                                                                                                                                    • Part of subcall function 00E31973: __EH_prolog.LIBCMT ref: 00E31978
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: 24f98ba9da56d4ca90f9f028d8cc6e6192d09e4e8d2b2d9644fca8dc09f714f5
                                                                                                                                                                                                                  • Instruction ID: fef06927c2bc5f261566050217edd73606a9a83e44a65e200b4809ba667f14ca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24f98ba9da56d4ca90f9f028d8cc6e6192d09e4e8d2b2d9644fca8dc09f714f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5141BE71900654AADB24EB61CD59BEABBB8AF40304F0410EAF58AB3153DB746FC8DB50
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: 122cc4a636fbc5db36d3c8532daffac96f08d46e0915c3865a427413f2c81517
                                                                                                                                                                                                                  • Instruction ID: b44d6c1e0487c5a827b2d3f030d1763a338c530cc8af92432843cbf367203ec5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 122cc4a636fbc5db36d3c8532daffac96f08d46e0915c3865a427413f2c81517
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 042104B1E40215ABDB14DF74AC42A6A77A8FB45318F04567EFA09FB281D7709D00C6A8
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E49EF4
                                                                                                                                                                                                                    • Part of subcall function 00E3137D: __EH_prolog.LIBCMT ref: 00E31382
                                                                                                                                                                                                                    • Part of subcall function 00E3137D: new.LIBCMT ref: 00E313FA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  • Opcode ID: c11ad9677e8e0e914324429c567b99c50fce6151139c65a32e85d7f70e219233
                                                                                                                                                                                                                  • Instruction ID: f4ff487d68b82c2e243096352f96826034d1fab187634259c2d7874e5af94c31
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c11ad9677e8e0e914324429c567b99c50fce6151139c65a32e85d7f70e219233
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD213B71D04249AACF15DFA5E9829FEBBF4AF59314F0014EEE809B7202D7356E09CB61
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,00E52FA6,?,0000015D,?,?,?,?,00E54482,000000FF,00000000,?,?), ref: 00E57ABC
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E35A22
                                                                                                                                                                                                                    • Part of subcall function 00E3AD1B: __EH_prolog.LIBCMT ref: 00E3AD20
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E3A1E0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseFind
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1863332320-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetThreadExecutionState.KERNEL32(00000001), ref: 00E4031D
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExecutionStateThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2211380416-0
                                                                                                                                                                                                                  • Opcode ID: 84780d775c15fd6b8ea918c0ef91a75bcc6dce5e2d3b236ec7baa278a1a690d8
                                                                                                                                                                                                                  • Instruction ID: 4a7cb2ccdfdc40dcdb9fcd4a3ecb75f431146f33759304eefc1c2c364273520a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84780d775c15fd6b8ea918c0ef91a75bcc6dce5e2d3b236ec7baa278a1a690d8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCD02B1070015066DA21773438097FE4F864FC1360F0C7079F349763C38A65088FD2A1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GdipAlloc.GDIPLUS(00000010), ref: 00E495D5
                                                                                                                                                                                                                    • Part of subcall function 00E4938E: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00E493AF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1915507550-0
                                                                                                                                                                                                                  • Opcode ID: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                                                                                                                                                                                                                  • Instruction ID: 1552aa68be88d1218c7b41c06609f95c0eb2e827e4daaddab6119a049f95d03e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46D05E306041096BDB51AE74AC02A6F7AD8DB00310F105026BC04B5142F971D910A2A1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileType.KERNELBASE(000000FF,00E39683), ref: 00E39751
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3081899298-0
                                                                                                                                                                                                                  • Opcode ID: 079188bea77dc1d9b3dac0527f9f2af9b12363d43172831f362adf9157482467
                                                                                                                                                                                                                  • Instruction ID: 8a0996c4067ee25a50f5d59b75e4df6ba1587ce696d1c9aa1dd0a98c0d6f60a0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 079188bea77dc1d9b3dac0527f9f2af9b12363d43172831f362adf9157482467
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97D0123003160095CF611E385E0D0566E559F433AEF38D6A5D025D40F3C762C803F500
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 00E4CA23
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E4A399
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E4A3AA
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: IsDialogMessageW.USER32(00030442,?), ref: 00E4A3BE
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: TranslateMessage.USER32(?), ref: 00E4A3CC
                                                                                                                                                                                                                    • Part of subcall function 00E4A388: DispatchMessageW.USER32(?), ref: 00E4A3D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 897784432-0
                                                                                                                                                                                                                  • Opcode ID: c12ac56fedf72d8433cec249383e18f6f66fefab8c758f9dd94baa3bde27e8fc
                                                                                                                                                                                                                  • Instruction ID: edcf397c53a5b3b78fd90369ec0eb9dbeba40837907f3ca9a5a5f0bca66f0e0b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c12ac56fedf72d8433cec249383e18f6f66fefab8c758f9dd94baa3bde27e8fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37D09E35658300AEDB012B52DE06F0E7AF2AB9CB44F404564F245740F186629D209B12
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: 8a9a48d08b743c32a19c3a3313ad26579dc371543650e32511c70a6b53daa5be
                                                                                                                                                                                                                  • Instruction ID: da3634d8fb9f26c67648b32a42c875446aa690e20c7ad1ca95d55998a64abdc3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a9a48d08b743c32a19c3a3313ad26579dc371543650e32511c70a6b53daa5be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4B01281BDD100EC350461047C03C76035CC0C0B54370F02AF805F2240D8405C000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D217
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D217
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: 1353146dfbb710c5604ff15767e1ad4e8aa0c3a6738636874f0460136c57f22e
                                                                                                                                                                                                                  • Instruction ID: c63893874f67ea29f5579fde34f7b34c36b05e9a4c54cc0271e4d1698c8cc12b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1353146dfbb710c5604ff15767e1ad4e8aa0c3a6738636874f0460136c57f22e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DB012C57DC100EC310551497C03E36034CF0C0B78330F12BF005F1044D8C49C000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D217
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: d12509e18e3257f9147a74e9bb441c9400a9cdce7afdaff51e2fa1ed47569d23
                                                                                                                                                                                                                  • Instruction ID: 5389153ee52e2063fbae95ddda4e456b0354ae620086bb2b2271e8c506f1b643
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d12509e18e3257f9147a74e9bb441c9400a9cdce7afdaff51e2fa1ed47569d23
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEB012C57DC200FC310511457C03C36030CE1C0F78330F22BF011F008498849C400032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: f4a817e12d54f97261b9901a8fdfd8cd73fc4f61a5376487e299ad0ffd4af5d0
                                                                                                                                                                                                                  • Instruction ID: a3b5ffaa93d57183a97fa78260b2b82ec77383af1dd9ed48e8e4db2c0f52d62a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4a817e12d54f97261b9901a8fdfd8cd73fc4f61a5376487e299ad0ffd4af5d0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BA01182AAE202FC38082200BC02CBA020CC0C0BA8330B82AF802F0280A88028000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: f60390da385df55417b4561db6d22a442a9b8de980f2c7618b0f36f69b54e041
                                                                                                                                                                                                                  • Instruction ID: a3b5ffaa93d57183a97fa78260b2b82ec77383af1dd9ed48e8e4db2c0f52d62a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f60390da385df55417b4561db6d22a442a9b8de980f2c7618b0f36f69b54e041
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BA01182AAE202FC38082200BC02CBA020CC0C0BA8330B82AF802F0280A88028000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D217
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: a3beceafeac14ab684537baf8df6b6020e606c3c13bc02a0ffd0605caf69ca06
                                                                                                                                                                                                                  • Instruction ID: 681dd598cf24c43c56d03c068b635a8a99af6206d6a2c3cdc438d440ae00a34c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3beceafeac14ab684537baf8df6b6020e606c3c13bc02a0ffd0605caf69ca06
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BA011CA2EC202FC300A2280BC02C3A030CE0C0BB8330EA2AF002F0080A888A8000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D217
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: 854e17deec477d79e6cf0a59a2445a55416e086c54c86d22d129be5863cfcced
                                                                                                                                                                                                                  • Instruction ID: 681dd598cf24c43c56d03c068b635a8a99af6206d6a2c3cdc438d440ae00a34c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 854e17deec477d79e6cf0a59a2445a55416e086c54c86d22d129be5863cfcced
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BA011CA2EC202FC300A2280BC02C3A030CE0C0BB8330EA2AF002F0080A888A8000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00E4D1B6
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E4D5B7
                                                                                                                                                                                                                    • Part of subcall function 00E4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E4D5C8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                  • Opcode ID: 29c02fe395ce760745d4be99e42a0885140d22d3a78005242f2e3a10193df29e
                                                                                                                                                                                                                  • Instruction ID: a3b5ffaa93d57183a97fa78260b2b82ec77383af1dd9ed48e8e4db2c0f52d62a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29c02fe395ce760745d4be99e42a0885140d22d3a78005242f2e3a10193df29e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BA01182AAE202FC38082200BC02CBA020CC0C0BA8330B82AF802F0280A88028000032
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetEndOfFile.KERNELBASE(?,00E38F33,?,?,-00001960), ref: 00E39BD9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 749574446-0
                                                                                                                                                                                                                  • Opcode ID: aab1482a3ff176d885b85c40dd582bbce0021c89073d7dbfa16aade08dc4c725
                                                                                                                                                                                                                  • Instruction ID: ccc99148d661db0a498acda219a062b89c45715590f75d12ecb806314bfd88d8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aab1482a3ff176d885b85c40dd582bbce0021c89073d7dbfa16aade08dc4c725
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4B012300A44054A8E002B30DD044143A11E71130A3004164A002D5061CB12C0079600
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,00E49CE4,C:\Users\user\AppData\Local\Temp\IXP000.TMP,00000000,00E785FA,00000006), ref: 00E49A91
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1611563598-0
                                                                                                                                                                                                                  • Opcode ID: 79c9ea52d30b9a011ed88009e87e114566537fd63c9df48fd4eed414b6755953
                                                                                                                                                                                                                  • Instruction ID: d38a583a33bc0aef502cd4f7698d1e50e598369876b5c27133a4dd916db20ee6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79c9ea52d30b9a011ed88009e87e114566537fd63c9df48fd4eed414b6755953
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FA012301990064B8A000B30DC09C1676515771742F00C624B202C00A0CB308814A500
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(000000FF,?,?,00E394AA), ref: 00E394F5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00E4B04A
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000006), ref: 00E4B05D
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000006C), ref: 00E4B079
                                                                                                                                                                                                                  • SetFocus.USER32(00000000), ref: 00E4B080
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 00E4B0C0
                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00E4B0F3
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00E4B109
                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E4B127
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E4B137
                                                                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00E4B154
                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00E4B172
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4B1A2
                                                                                                                                                                                                                    • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00E4B1B5
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00E4B1B8
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4B213
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 00E4B226
                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00E4B23C
                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00E4B25C
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E4B26C
                                                                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00E4B286
                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00E4B29E
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4B2CF
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00E4B2E2
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E4B332
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 00E4B345
                                                                                                                                                                                                                    • Part of subcall function 00E49D99: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00E49DBF
                                                                                                                                                                                                                    • Part of subcall function 00E49D99: GetNumberFormatW.KERNEL32(00000400,00000000,?,00E6D600,?,?), ref: 00E49E0E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                                                                                                                  • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                                                                                                  • API String ID: 797121971-1840816070
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E36FCB
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 00E3712B
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00E3713B
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E37A24
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: GetLastError.KERNEL32 ref: 00E37A6A
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: CloseHandle.KERNEL32(?), ref: 00E37A79
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 00E37146
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00E37254
                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00E37280
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00E37292
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000015,00000000,?), ref: 00E372A2
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00E372EE
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00E37316
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                                                                                                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                                                                                  • API String ID: 3935142422-3508440684
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog_memcmp
                                                                                                                                                                                                                  • String ID: CMT$h%u$hc%u
                                                                                                                                                                                                                  • API String ID: 3004599000-3282847064
                                                                                                                                                                                                                  • Opcode ID: 9e1e01ab885aed7d052762a1a1c4e725eda542db3088770a1b175dad758c4677
                                                                                                                                                                                                                  • Instruction ID: c97708400bf321d949ba41a0b83989b9e9935a0425f79950a1593921a8379d0c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e1e01ab885aed7d052762a1a1c4e725eda542db3088770a1b175dad758c4677
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E532A3715142849FDF18DF74C88AEEA3BE5AF54304F04547EFD4AAB282DB709A48CB61
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                  • Opcode ID: b7e515289f5c32155935b833de49d3668baef6f4a5964f0d11d30dcd095a1c69
                                                                                                                                                                                                                  • Instruction ID: c98ccf0c1c70718cc797909c5ddb7dece8fa41fe9ab2f2db2b24ddea06b1944e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7e515289f5c32155935b833de49d3668baef6f4a5964f0d11d30dcd095a1c69
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33C21B71E086288FDB25CE28DD507E9B7B5EB44306F2459EAD84DF7240E774AE898F40
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E3269B
                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00E32C1F
                                                                                                                                                                                                                    • Part of subcall function 00E40FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E3B312,00000000,?,?,?,00030442), ref: 00E40FFA
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E32D76
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                                                                                                                  • String ID: CMT
                                                                                                                                                                                                                  • API String ID: 1706572503-2756464174
                                                                                                                                                                                                                  • Opcode ID: 93bfdfc9055aa8b8e7691f2fb6b70b1f7af10d6691677e9077e2345ac5230698
                                                                                                                                                                                                                  • Instruction ID: ec70ca95ac060e74f0f1bd07d14b31b11111dfa93b3697c809497c0fedb4de2e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93bfdfc9055aa8b8e7691f2fb6b70b1f7af10d6691677e9077e2345ac5230698
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 326203716002448FDF18DF78C899AEA7FE1AF54304F05557EEE8AAB282D771D944CB60
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00E57CD9
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00E57CE3
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(-00000311,?,?,?,?,?,00000000), ref: 00E57CF0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                  • Opcode ID: 45067c6d759d218d4df8cf689820885691254919cb7da546b7ee14378420e179
                                                                                                                                                                                                                  • Instruction ID: 4380eade3190debc346897e95cf1c50a04025242a580313b057e0ba3e30ae86a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45067c6d759d218d4df8cf689820885691254919cb7da546b7ee14378420e179
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE31D47490122CABCB21DF64EC88B9DBBB8BF08310F5055DAE90CA7290E7709F858F45
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                                                                                                                                                                                                                  • Instruction ID: 6b09a5389c6be18326459ade63235345e4f1ae9457df00c7c404b4ac812edce2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67023B71E002199FDF14CFA9C8906ADB7F1FF88315F259669D919F7280D730AA45CB90
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00E49DBF
                                                                                                                                                                                                                  • GetNumberFormatW.KERNEL32(00000400,00000000,?,00E6D600,?,?), ref: 00E49E0E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2169056816-0
                                                                                                                                                                                                                  • Opcode ID: f01efbbe98c8e2f4759de984d413c32a85011a29a384f12a23d4c79ea21c71db
                                                                                                                                                                                                                  • Instruction ID: 28f060f0ff89f981552bb09c1c1071f79659f7a54c9d30e981208bab0cc4a9c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f01efbbe98c8e2f4759de984d413c32a85011a29a384f12a23d4c79ea21c71db
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4015E35A44308AEDB109FA6EC45FAB77BCEF49750F405426FA08B71A1D3B0992887A5
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00E40DE0,?,00000200), ref: 00E36D06
                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00E36D27
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                                                                                  • Opcode ID: 429f1e839fa16d832718f02e8d402f2da0825e0d1af39ee131b0a738e3690622
                                                                                                                                                                                                                  • Instruction ID: 37ca5383c3b1249ff26e5356ad4c5588623fb4916ce27011b3908d49bb8a7bdb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 429f1e839fa16d832718f02e8d402f2da0825e0d1af39ee131b0a738e3690622
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50D0C971388702BEFA511E719C0EF6B7B96B755BC2F60D908B356FD0E0D6B09018DA29
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E6064F,?,?,00000008,?,?,00E602EF,00000000), ref: 00E60881
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                  • Opcode ID: 61e95b1bf5d403f9e934163245fb03e69126bfd5f4503131cfcc98ef2909c77a
                                                                                                                                                                                                                  • Instruction ID: 8d2012f09ce10e7ebf3347d7941c082ae6a6d857e35cc33c77625d8873c274ac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61e95b1bf5d403f9e934163245fb03e69126bfd5f4503131cfcc98ef2909c77a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11B17D35210618CFD719CF28D486BA67BE0FF443A8F259659E899DF2A2C335E991CF40
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: gj
                                                                                                                                                                                                                  • API String ID: 0-4203073231
                                                                                                                                                                                                                  • Opcode ID: 815a24140f3673e255972812e5c927b4c23e172c699a57329e8311d3a6f70433
                                                                                                                                                                                                                  • Instruction ID: d78cecb011c2fe6bedc64661e9576da85c883e15a6de87b7e204e87e308b01b4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 815a24140f3673e255972812e5c927b4c23e172c699a57329e8311d3a6f70433
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF1D2B2A083418FC748CF29D880A1AFBE1BFC8248F19892EF598D7711D734E9458F56
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00E3A9BA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                                                                  • Opcode ID: b53d8e760e2c952a06f32c1ee3b5b1a4c259856bbe5e68c13c35c9e21841e103
                                                                                                                                                                                                                  • Instruction ID: d5a8a79a9309c9d20bd13fc3a4e05d0b5e0f2268eba471b35b284916a9987d0a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b53d8e760e2c952a06f32c1ee3b5b1a4c259856bbe5e68c13c35c9e21841e103
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BF0F9B0904208CFCB18CB19ED45BE677A5F798314F1046A9DA59B3350E3B0A9C8DE91
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0001E64F,00E4E084), ref: 00E4E648
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                  • Opcode ID: 436d723492d04f5097efdac2d4c41b90bc3d83907a7fb84ff8801f14d8313fe3
                                                                                                                                                                                                                  • Instruction ID: 95881b5b356b9c8203403b5c63abef6df800fef770c39a134b74fbd25b23efb6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 436d723492d04f5097efdac2d4c41b90bc3d83907a7fb84ff8801f14d8313fe3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 0C
                                                                                                                                                                                                                  • API String ID: 0-2593215123
                                                                                                                                                                                                                  • Opcode ID: 9a05b29e326b73c76ee5c6261054a2e8e831bd005b024e293b2e6b38d9fdddba
                                                                                                                                                                                                                  • Instruction ID: 49dd88819323226832031620740f137147c92df6936059782eacbeb5b4a7f844
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a05b29e326b73c76ee5c6261054a2e8e831bd005b024e293b2e6b38d9fdddba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B51067050D3958FC712CF25918846EBFE0AFEA318F49589EE4D56B392D230DA49CB53
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                  • Opcode ID: 6af634b3799bac7e4fb09635305c2d0edc1e0dc8bd76a0f12d18f4ed0b7d5ce5
                                                                                                                                                                                                                  • Instruction ID: e06e36c939443bb3a2a3742a573d5f9bff2a764a204c54fedf684c23155d27d7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6af634b3799bac7e4fb09635305c2d0edc1e0dc8bd76a0f12d18f4ed0b7d5ce5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75A01130A022008F83008F32AA0A20E3AE8AB02AC0308802AA208E2020EB3080288A00
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                                                                                                                                                                                                                  • Instruction ID: 1653fb26b20a9fe74fbd0e65153640063d336f8303b229c2b9438d968e82a89b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D622872604B849FCB29CF38E8906F9BBE1AF95304F04956ED8AA9B347D730E945C711
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                                                                                                                                                                                                                  • Instruction ID: f3e307adcc7cf4423336c35409286c21c3dd13f0eba174eec5c44300284874cf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A16213706087869FC719CF28E8805B9FBE1FF55308F14966ED8A69B742D330E955CB81
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                                                                                                                                                                                                                  • Instruction ID: 237b8c4247b48292bfd18edd21839374a60d34836bedccb51854dc9573189664
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D65248B26087019FC758CF18C891A6AF7E1FFC8304F49992DF9869B255D334E919CB82
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0eb751bcca590d96f5c67fca6c65f538fad4c458a211a73441f92dbf5570880c
                                                                                                                                                                                                                  • Instruction ID: 7ff740e9841a9a516bc707bc9c205bddbb0833905a007c9026e657b52d8c9195
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0eb751bcca590d96f5c67fca6c65f538fad4c458a211a73441f92dbf5570880c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C12E4B16007068BC72CCF28D9D4AB9B7E0FF55308F14992EE597D7A80D374A894CB46
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 8b80ba89236252710b7b3827316fce07a925b156a6c47077af722217ee78d7f7
                                                                                                                                                                                                                  • Instruction ID: 6e2685c8249181bd240b1851ca1dfc99a1ee2867d33a35f09e5ba59d4be7c38a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b80ba89236252710b7b3827316fce07a925b156a6c47077af722217ee78d7f7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DF17B71A083458FC718CE29C48856ABBE1FFC9358F546A2EF6C6A7355D730E906CB42
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                                                                                                  • Instruction ID: 761468bf332e8f229b38132a76bd757550649ff654f265948509bcf2227a2788
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36C1B9722050970BDF2D4639957403EFBA16EA17B631A2B6DECB3EB0D5FE20C568D610
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                                                                                                  • Instruction ID: ca0f3a466ff6a1ed3696d8322430edfb9cdc89b5ce378e0505dcda1fdeeacadb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07C1CA722051970ADF6D4639C57403EFBA16EA17B631A2B6DECB3EB0C5FE10C528D610
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                                                                  • Instruction ID: 2260f49727ab46ae7c47eb1c5ae1c9e6b8cd684cbdecf89c5a1b7e37bde38bc4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79C1EB722050970ADF2D4639D57413EFBA16EA2BB631A277DD8B3EB0D5FE10C528D620
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e671a88dd910279519aa849da1e7c2499cb360cf4f0c08d33bc052f3396f2ab8
                                                                                                                                                                                                                  • Instruction ID: 02531115cfc362878473032eadda0fc7f4174363a0c90e53c4ea9316681a4640
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e671a88dd910279519aa849da1e7c2499cb360cf4f0c08d33bc052f3396f2ab8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9E14B755183808FC304CF29E49086BBBF0BB8A301F89095EF5D997362D375E959DB62
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                                                                                                                                                                                                                  • Instruction ID: 063aa8abfd3d55f8e9826e5d0c1868b0b7570cca4896d0ff8cc1142579e06fde
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 749167B02003498BDB28EF78E899BBEB7C5EB90304F14192DF5D6A72C2DB749644C752
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5e48e5b1e2e9d5ba961038b0c39ed451049985d2f1a14797310cb81524992d52
                                                                                                                                                                                                                  • Instruction ID: 1a4afa3e35ef4802342f0274cd9f78a41ec9f8e07d5d8723085fd1c869ee447d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e48e5b1e2e9d5ba961038b0c39ed451049985d2f1a14797310cb81524992d52
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 386157E1B0070866DA34893899517FE73A49B4178FF243D1AEE43FB1C1D6519FCE8266
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                                                                                                                                                                                                                  • Instruction ID: 66ef1b1ddd68a961408b30a0f582e928e35bae54224fa6b501144fd8a37a47a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F27148717043454BDB34DE38E8C4BAD77D0EBE0308F14693DEAC6AB682DA749A84C752
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                                                                                                                                  • Instruction ID: d5015a96585d7689df524988413fde81397848595c4cddb9c68c6fa28bda61aa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F514561600B4457DB384538859A7FEA7F99B027CEF183D09EC42FB682DA15EF4D8362
Memory Dump Source
• Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
APIs
• __EH_prolog.LIBCMT ref: 00E4B4CC
  • Part of subcall function 00E4A156: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00E4A21E
• SetFileAttributesW.KERNEL32(?,00000005,?,?,?,00000800,?,?,00000000,00000001,00E4ADDF,?,00000000), ref: 00E4B601
• SHFileOperationW.SHELL32(?), ref: 00E4B6AE
• GetFileAttributesW.KERNEL32(?), ref: 00E4B6BB
• DeleteFileW.KERNEL32(?), ref: 00E4B6C9
• SetWindowTextW.USER32(?,?), ref: 00E4B812
• _wcsrchr.LIBVCRUNTIME ref: 00E4B99C
• GetDlgItem.USER32(?,00000066), ref: 00E4B9D7
• SetWindowTextW.USER32(00000000,?), ref: 00E4B9E7
• SendMessageW.USER32(00000000,00000143,00000000,00E79602), ref: 00E4B9FB
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00E4BA24
Similarity
• API ID: File$AttributesMessageSendTextWindow$DeleteEnvironmentExpandH_prologItemOperationStrings_wcsrchr
• String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
• API String ID: 764735972-312220925
APIs
• _swprintf.LIBCMT ref: 00E3D731
  • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
  • Part of subcall function 00E411FA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00E70078,?,00E3CE91,00000000,?,00000050,00E70078), ref: 00E41217
• _strlen.LIBCMT ref: 00E3D752
• SetDlgItemTextW.USER32(?,00E6D154,?), ref: 00E3D7B2
• GetWindowRect.USER32(?,?), ref: 00E3D7EC
• GetClientRect.USER32(?,?), ref: 00E3D7F8
• GetWindowLongW.USER32(?,000000F0), ref: 00E3D896
• GetWindowRect.USER32(?,?), ref: 00E3D8C3
• SetWindowTextW.USER32(?,?), ref: 00E3D906
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00E3D90E
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 00E3D919
                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00E3D946
                                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 00E3D9B8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                                                                                                  • String ID: $%s:$CAPTION$d
                                                                                                                                                                                                                  • API String ID: 2407758923-2512411981
                                                                                                                                                                                                                  • Opcode ID: 0acd3db93b29e0ae804ef0c746bcab199e600fb2700c41596c336c20c6db1e87
                                                                                                                                                                                                                  • Instruction ID: 80a7414dd4e85505daf9b76f6c28e43929084babe4b79ccb91868684773645c8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0acd3db93b29e0ae804ef0c746bcab199e600fb2700c41596c336c20c6db1e87
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC8192716083019FD710DF69DD89B6FBBE9EBC8744F04191DFA85A3290D6B0E909CB52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 00E5B7C8
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B380
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B392
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3A4
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3B6
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3C8
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3DA
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3EC
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B3FE
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B410
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B422
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B434
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B446
                                                                                                                                                                                                                    • Part of subcall function 00E5B363: _free.LIBCMT ref: 00E5B458
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B7BD
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?), ref: 00E57A66
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: GetLastError.KERNEL32(?,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?,?), ref: 00E57A78
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B7DF
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B7F4
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B7FF
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B821
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B834
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B842
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B84D
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B885
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B88C
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B8A9
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B8C1
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                  • Opcode ID: 35cf4a4aeee20540e21c76ac65cfa67c30db5a0ce8babf372e442844af955f62
                                                                                                                                                                                                                  • Instruction ID: 999b6dfc95245b77a0f5310cf4190395b8187073734ca179259b0dc3811276c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35cf4a4aeee20540e21c76ac65cfa67c30db5a0ce8babf372e442844af955f62
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E315E31A046059FEF24AA39E845B5B73E8EF40356F107C29E899F7152DF31AD988B24
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58436
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?), ref: 00E57A66
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: GetLastError.KERNEL32(?,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?,?), ref: 00E57A78
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58442
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5844D
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58458
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58463
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5846E
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58479
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58484
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5848F
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5849D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID: K
                                                                                                                                                                                                                  • API String ID: 776569668-1399411042
                                                                                                                                                                                                                  • Opcode ID: 2b5e7222c7d3be7a17d2020c2c254c433795dc787740921bd41a69c87b5c6708
                                                                                                                                                                                                                  • Instruction ID: e656d0a4f51a080377cae8876399b762b986a46c20c89007597b6aef0a7b307e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b5e7222c7d3be7a17d2020c2c254c433795dc787740921bd41a69c87b5c6708
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7211A476124108EFCF01EF64D942CDE3BA5EF04351B4165A1FE59AB222DA31EB649B80
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 00E4C364
                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000800), ref: 00E4C393
                                                                                                                                                                                                                    • Part of subcall function 00E41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00E3ACFE,?,?,?,00E3ACAD,?,-00000002,?,00000000,?), ref: 00E41426
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00E4C3B1
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00E4C3C8
                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00E4C3DB
                                                                                                                                                                                                                    • Part of subcall function 00E4958C: GetDC.USER32(00000000), ref: 00E49598
                                                                                                                                                                                                                    • Part of subcall function 00E4958C: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E495A7
                                                                                                                                                                                                                    • Part of subcall function 00E4958C: ReleaseDC.USER32(00000000,00000000), ref: 00E495B5
                                                                                                                                                                                                                    • Part of subcall function 00E49549: GetDC.USER32(00000000), ref: 00E49555
                                                                                                                                                                                                                    • Part of subcall function 00E49549: GetDeviceCaps.GDI32(00000000,00000058), ref: 00E49564
                                                                                                                                                                                                                    • Part of subcall function 00E49549: ReleaseDC.USER32(00000000,00000000), ref: 00E49572
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00E4C402
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00E4C409
                                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 00E4C412
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
                                                                                                                                                                                                                  • String ID: STATIC
                                                                                                                                                                                                                  • API String ID: 1444658586-1882779555
                                                                                                                                                                                                                  • Opcode ID: 16d9939f5766c7a33f32f5357c6e88c63228b40f585b09772784b4f478a25df8
                                                                                                                                                                                                                  • Instruction ID: a12a913e9d180eff4a02befa85629046ff6a67a4708ab5223e50b0b225085d79
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16d9939f5766c7a33f32f5357c6e88c63228b40f585b09772784b4f478a25df8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15210872B452147FEB216B61FC0AFEF766CAF05790F109021FA11B7092CBB44D4586B0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ;%u$x%u$xc%u
                                                                                                                                                                                                                  • API String ID: 0-2277559157
                                                                                                                                                                                                                  • Opcode ID: 6cfa5d3a57b3e99707f17d59f345c1d602543fcc1c081aea89caac30eb0cc32a
                                                                                                                                                                                                                  • Instruction ID: c86536691b28ed24c9b09e90cfa3a12f59bab5a0ef4fa04d90b6cd4f04d47f96
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cfa5d3a57b3e99707f17d59f345c1d602543fcc1c081aea89caac30eb0cc32a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1F106716043405ADB14EF28889DBFE7FD5AF94304F0864BDEAC6BB287CA64D844C762
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00E5EA62,00000000,00000000,00000000,00000000,00000000,00E53FBF), ref: 00E5E32F
                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00E5E3AA
                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00E5E3C5
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00E5E3EB
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,b,00000000,?,?,?,?,?,?,?,?,?,00E5EA62,00000000), ref: 00E5E40A
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,b,00000000,?,?,?,?,?,?,?,?,?,00E5EA62,00000000), ref: 00E5E443
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                  • String ID: b
                                                                                                                                                                                                                  • API String ID: 1324828854-1877723324
                                                                                                                                                                                                                  • Opcode ID: cfe835a25a25f0b2b162957a46b546fbf2d176c0a4a5fb0146ee3ec0bd71955b
                                                                                                                                                                                                                  • Instruction ID: 711e1a3ab4bce9310f1c4ad7fcc22cdf7d313d943c381b96e291b33363cdaf1e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfe835a25a25f0b2b162957a46b546fbf2d176c0a4a5fb0146ee3ec0bd71955b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D851D5B0E002499FCB14CFA8D845AEEBBF9EF09311F14551AE965F7391D7709A48CBA0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00E4A431
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 00E4A45E
                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00E4A473
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00E4A484
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 00E4A48D
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00E4A4A1
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00E4A4B3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                                                                                                  • String ID: LICENSEDLG
                                                                                                                                                                                                                  • API String ID: 3214253823-2177901306
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E3926D
                                                                                                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00E39290
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00E392AF
                                                                                                                                                                                                                    • Part of subcall function 00E41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00E3ACFE,?,?,?,00E3ACAD,?,-00000002,?,00000000,?), ref: 00E41426
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E3934B
                                                                                                                                                                                                                    • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00E393C0
                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00E393FC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                                                                                                                                                                                  • String ID: rtmp%d
                                                                                                                                                                                                                  • API String ID: 2111052971-3303766350
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00E487A0), ref: 00E48994
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00E489B5
                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00E489DC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocByteCharCreateMultiStreamWide
                                                                                                                                                                                                                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                                                                                                  • API String ID: 4094277203-4209811716
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 00E406F3
                                                                                                                                                                                                                    • Part of subcall function 00E3A995: GetVersionExW.KERNEL32(?), ref: 00E3A9BA
                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00E4071C
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00E4072E
                                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00E4073B
                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E40751
                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E4075D
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E40793
                                                                                                                                                                                                                  • __aullrem.LIBCMT ref: 00E4081D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1247370737-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00E48FFF
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,00000000), ref: 00E49044
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000), ref: 00E490DB
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00E490E3
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00E490F9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Show$RectText
                                                                                                                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                                                                                                                  • API String ID: 3937224194-1658105358
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E5B4CA: _free.LIBCMT ref: 00E5B4F3
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B554
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?), ref: 00E57A66
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: GetLastError.KERNEL32(?,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?,?), ref: 00E57A78
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B55F
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B56A
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B5BE
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B5C9
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B5D4
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B5DF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                  • Opcode ID: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                                                                                                                                                                                                                  • Instruction ID: 57c70e4cbab0df1cb35a6e8b1d30ed35ce9acdf955c53cb73534893b814126b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311FE72564704A6D930B770DC06FCF77DC6F04B02F406C15BBAE76053E765B5184650
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00E5168B,00E4F0E2), ref: 00E516A2
                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E516B0
                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E516C9
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00E5168B,00E4F0E2), ref: 00E5171B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                  • Opcode ID: ff0945a0f3da0b9e8cefe417af53f6b68065595a8835dada09985ccf65a2574d
                                                                                                                                                                                                                  • Instruction ID: 878b372e6722c4061b81e66e4232073ef07c85667d524d5f7e39f7b37458f428
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff0945a0f3da0b9e8cefe417af53f6b68065595a8835dada09985ccf65a2574d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B601283264D7115EA7182AB6BC8565B2B88EB023B77201E3EFE14790E2EFD14C1C5254
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                  • API String ID: 0-1718035505
                                                                                                                                                                                                                  • Opcode ID: f86dbdf74e8c3515c559f921ce238314804d962c17facf2748a5a4fd470e00ed
                                                                                                                                                                                                                  • Instruction ID: 9a8fb1f2427478cee44baed3a06a2156fea99a8d320991d1e2efed749d7c775e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f86dbdf74e8c3515c559f921ce238314804d962c17facf2748a5a4fd470e00ed
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B01D17168A7625F4F605EE67C9069723889B077AA310353AE901F3660E7D1C849E798
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E4096E
                                                                                                                                                                                                                    • Part of subcall function 00E3A995: GetVersionExW.KERNEL32(?), ref: 00E3A9BA
                                                                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E40990
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E409AA
                                                                                                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00E409BB
                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E409CB
                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E409D7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2092733347-0
                                                                                                                                                                                                                  • Opcode ID: 37b1d1b697ef756ae6cdcbb571dc33363f7b027c937e8a8d17ed48accf393c2a
                                                                                                                                                                                                                  • Instruction ID: 7cbd9a7c504ddcf538d59c949a192d220d06c694b9322c01377892ac6cd6f370
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37b1d1b697ef756ae6cdcbb571dc33363f7b027c937e8a8d17ed48accf393c2a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C131C47A1183459EC700DFA5D8809ABB7E8FF98704F04592EFA99D7210E730D549CB6A
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2931989736-0
                                                                                                                                                                                                                  • Opcode ID: f06b267b05782f2bb5b7e110c86a5ea13b8273b4b3df90a5ff074ca09d0e1310
                                                                                                                                                                                                                  • Instruction ID: efacc165c7365e996d3e5396a5ac96451aa2b247cd5901864e3bf133e987992f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f06b267b05782f2bb5b7e110c86a5ea13b8273b4b3df90a5ff074ca09d0e1310
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 102188B264120AABDB149E10FDC1F7FB7AC9B50B88F146539FD04B6141E630ED4596B3
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00E700E0,00E53394,00E700E0,?,?,00E52E0F,?,?,00E700E0), ref: 00E5851A
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5854D
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E58575
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00E700E0), ref: 00E58582
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00E700E0), ref: 00E5858E
                                                                                                                                                                                                                  • _abort.LIBCMT ref: 00E58594
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                                                                                                  • Opcode ID: 29151aee6ffdfcebfaf5c5eb6fb29fbafc4bbf7f30e0400b1b7eca769ce75ba3
                                                                                                                                                                                                                  • Instruction ID: a2097661782d625486c1f99bd4fae5f43250e075af33365fdc5939a62677a79f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29151aee6ffdfcebfaf5c5eb6fb29fbafc4bbf7f30e0400b1b7eca769ce75ba3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5F02D355486006ED74133357D0AF6F129A8BD07A3F352D14FD15B7192FE60890D4120
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00E4C2F2
                                                                                                                                                                                                                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00E4C308
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 00E4C322
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068), ref: 00E4C32D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                                                                                                  • String ID: RENAMEDLG
                                                                                                                                                                                                                  • API String ID: 445417207-3299779563
                                                                                                                                                                                                                  • Opcode ID: a8fc34306363f58a5e3cd632d2cbdcdbff71993838a82c6b57a873054ca93989
                                                                                                                                                                                                                  • Instruction ID: b729a1b7a66a993d3f40835aac81ae1caab54fae0c27992cf11fb5cbc2a0ee04
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8fc34306363f58a5e3cd632d2cbdcdbff71993838a82c6b57a873054ca93989
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF012832B862147ED2505FA67D44F777B6CE75AB44F205015F201B70F0C6D2AC089775
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E56B29,?,?,00E56AC9,?,00E6A800,0000000C,00E56C20,?,00000002), ref: 00E56B98
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E56BAB
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00E56B29,?,?,00E56AC9,?,00E6A800,0000000C,00E56C20,?,00000002,00000000), ref: 00E56BCE
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                  • Opcode ID: fa1e2d9ee9b2666754f9f4bc76573f808b14dcd424b5efd2da98817088164666
                                                                                                                                                                                                                  • Instruction ID: e253eda134bfcb9c659d71d4610002b5e9cdf98bce6e48f1d6839d9932937349
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa1e2d9ee9b2666754f9f4bc76573f808b14dcd424b5efd2da98817088164666
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94F0A431A05209BFDB555B91EC09BAFBFB8EB04795F400158FA05F22A0DBB44A48CB90
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E3FD18
                                                                                                                                                                                                                    • Part of subcall function 00E3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E3E7F6,Crypt32.dll,?,00E3E878,?,00E3E85C,?,?,?,?), ref: 00E3FD3A
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E3E802
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00E77350,CryptUnprotectMemory), ref: 00E3E812
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                                                                                                  • API String ID: 2141747552-1753850145
                                                                                                                                                                                                                  • Opcode ID: 895d2d0d9457c385a85e0c9202eb3bb90f832f26a84ed1440e5d264767869994
                                                                                                                                                                                                                  • Instruction ID: 3805899f51bd9dfbf7ecef8cb969d0c061b60add354e66b7df47afca6f296a70
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 895d2d0d9457c385a85e0c9202eb3bb90f832f26a84ed1440e5d264767869994
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4E04FB0980F43AECB045B39E80C605FFA46F10794F14E129E624F3291DBF4D054CB60
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                  • Opcode ID: ec48198586135b90cdb0db75b95342db2bd6ec8c5a21bb9b00111c1fec759a30
                                                                                                                                                                                                                  • Instruction ID: ddaf0f684ebc3c497efddfbf2b7dfcb5c486afb8c9cca9fc669f93eb95e57978
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec48198586135b90cdb0db75b95342db2bd6ec8c5a21bb9b00111c1fec759a30
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C41F032B042009FCB10DF78D881A5EB7E6EF89324F1559A8E965FB391DB31AD05CB81
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00E5ABAF
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E5ABD2
                                                                                                                                                                                                                    • Part of subcall function 00E57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E52FA6,?,0000015D,?,?,?,?,00E54482,000000FF,00000000,?,?), ref: 00E57ABC
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E5ABF8
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5AC0B
                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E5AC1A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 336800556-0
                                                                                                                                                                                                                  • Opcode ID: a1bf84fc3e4239dc432482e1047cf93bdb2d174aebb5a6f609cb995e0559615d
                                                                                                                                                                                                                  • Instruction ID: 8bc7ecd988e045e7c49ecb342ae491efd3eafb4a32c8fedeeaf84e465e322cb3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1bf84fc3e4239dc432482e1047cf93bdb2d174aebb5a6f609cb995e0559615d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA01B572602A147F232156767C4CC7FA96DDBC6BA63191639FD04F3241DA608D0991B1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00E57ED1,00E57B6D,?,00E58544,00000001,00000364,?,00E52E0F,?,?,00E700E0), ref: 00E5859F
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E585D4
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E585FB
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00E700E0), ref: 00E58608
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00E700E0), ref: 00E58611
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                                  • Opcode ID: 5b16b1cc6c7c38b11d34860a4a8e9362069169bb9b4ed9e530340abaaa240db8
                                                                                                                                                                                                                  • Instruction ID: 7c3fa39b7403ee6496a140acdaa053fd73139eb6328a67519e33690f76da969e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b16b1cc6c7c38b11d34860a4a8e9362069169bb9b4ed9e530340abaaa240db8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5901F436209A006FD70237357D85A6F26AA9BD03A77252D28FD16B7243EEA18D0D8169
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E40697: ResetEvent.KERNEL32(?), ref: 00E406A9
                                                                                                                                                                                                                    • Part of subcall function 00E40697: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00E406BD
                                                                                                                                                                                                                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00E403FB
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?), ref: 00E40415
                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00E4042E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00E4043A
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00E40446
                                                                                                                                                                                                                    • Part of subcall function 00E404BA: WaitForSingleObject.KERNEL32(?,000000FF,00E405D9,?,?,00E4064E,?,?,?,?,?,00E40638), ref: 00E404C0
                                                                                                                                                                                                                    • Part of subcall function 00E404BA: GetLastError.KERNEL32(?,?,00E4064E,?,?,?,?,?,00E40638), ref: 00E404CC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1868215902-0
                                                                                                                                                                                                                  • Opcode ID: a8ca8a8d8c50b6dc8ecc331b448a45294b80a7842466756322f076b39de019bc
                                                                                                                                                                                                                  • Instruction ID: 3e36460e2b1bd97f017022761db98a5a9c4f242e16538e8ab906b1031ef3bc88
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8ca8a8d8c50b6dc8ecc331b448a45294b80a7842466756322f076b39de019bc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73019272040B04EFC7229B65EC88F87BBE9FB44790F00056DF36AA2160CBB56948DB90
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B479
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?), ref: 00E57A66
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: GetLastError.KERNEL32(?,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?,?), ref: 00E57A78
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B48B
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B49D
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B4AF
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5B4C1
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                  • Opcode ID: cbe811444217e129649203dde7506159791848b197008c6b74d67499a5f5be19
                                                                                                                                                                                                                  • Instruction ID: a511e65877d01ce4abfee0f59d4b762787ea5b7b483ae28fb6c4eaf6d7339cb3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbe811444217e129649203dde7506159791848b197008c6b74d67499a5f5be19
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F06232A18200ABCA30EB65FC85C1B73D9AB007657A46C05F89DF7513D730FC988654
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E575F9
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?), ref: 00E57A66
                                                                                                                                                                                                                    • Part of subcall function 00E57A50: GetLastError.KERNEL32(?,?,00E5B4F8,?,00000000,?,00000000,?,00E5B51F,?,00000007,?,?,00E5B91C,?,?), ref: 00E57A78
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5760B
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5761E
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E5762F
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E57640
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                  • Opcode ID: 0bbffad0319757f29efee8f6b9a748aa5d64e21029d8e78274f5dc53342f954a
                                                                                                                                                                                                                  • Instruction ID: 03de6d5b8f20cc9227ba920ad21a5eea89e06e4ebe6a73d0cc558d929d3ab1b0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bbffad0319757f29efee8f6b9a748aa5d64e21029d8e78274f5dc53342f954a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6F030709182188F8B16AF27BC0141A37E4BB557553862A17F96176272C770062D8BC5
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe,00000104), ref: 00E56CB3
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E56D7E
                                                                                                                                                                                                                  • _free.LIBCMT ref: 00E56D88
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
                                                                                                                                                                                                                  • API String ID: 2506810119-4021240003
                                                                                                                                                                                                                  • Opcode ID: a06167a7f12340464fcc8fc2ac91c46eeccad65a198eaeb63080368682fe15d2
                                                                                                                                                                                                                  • Instruction ID: f567fefdce35dd90f5e8fc19a506a0df3ea665455399b268653252362c263407
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a06167a7f12340464fcc8fc2ac91c46eeccad65a198eaeb63080368682fe15d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42317E71B04218AFCB21EF99D88599EBBFCEB85315F9058ABFD04B7211D6705E48CB90
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E373BE
                                                                                                                                                                                                                    • Part of subcall function 00E3399D: __EH_prolog.LIBCMT ref: 00E339A2
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00E37485
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E37A24
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: GetLastError.KERNEL32 ref: 00E37A6A
                                                                                                                                                                                                                    • Part of subcall function 00E37A15: CloseHandle.KERNEL32(?), ref: 00E37A79
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                                                                                                  • API String ID: 3813983858-639343689
                                                                                                                                                                                                                  • Opcode ID: 1d02e1c6e48d71399dae164293185351e05460fd6482663be5729924993bd894
                                                                                                                                                                                                                  • Instruction ID: 5039e57c78efd19645dfd848065731387abf8d99a32728318474f1468cb467ac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d02e1c6e48d71399dae164293185351e05460fd6482663be5729924993bd894
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9531F571A04204AEDF20EB65EC09BEE7FB8AF45354F00A059F499B7152C7B49E44C7A0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00E49C15
                                                                                                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00E49C2A
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 00E49C3F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                                                                                                  • String ID: ASKNEXTVOL
                                                                                                                                                                                                                  • API String ID: 445417207-3402441367
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E3E7E3: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E3E802
                                                                                                                                                                                                                    • Part of subcall function 00E3E7E3: GetProcAddress.KERNEL32(00E77350,CryptUnprotectMemory), ref: 00E3E812
                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,00E3E85C), ref: 00E3E8E3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$CurrentProcess
                                                                                                                                                                                                                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed$Ps
                                                                                                                                                                                                                  • API String ID: 2190909847-1787189566
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __fprintf_l_strncpy
                                                                                                                                                                                                                  • String ID: $%s$@%s
                                                                                                                                                                                                                  • API String ID: 1857242416-834177443
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                    • Part of subcall function 00E312D7: SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00E4A0FE
                                                                                                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00E4A116
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000067,?), ref: 00E4A144
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                                                                                                  • API String ID: 445417207-3292211884
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00E3B1DE
                                                                                                                                                                                                                    • Part of subcall function 00E33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E33E54
                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00E3B1FC
                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00E3B20C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                                                                                                                  • String ID: %c:\
                                                                                                                                                                                                                  • API String ID: 525462905-3142399695
                                                                                                                                                                                                                  • Opcode ID: 9bfd96f5bdff3ded6f2f661931d412d89c9e0544261fce82e44f6b8b2657dabd
                                                                                                                                                                                                                  • Instruction ID: 03d0cb9b38e1dc37a038380a52d8c5da1b9e3e8d9a9f37d39b14e423b421d015
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bfd96f5bdff3ded6f2f661931d412d89c9e0544261fce82e44f6b8b2657dabd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1301F9635003117ADA206B759C8AD6FABECDE95760F50A90AFE49E6091FB30D854C2B1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00E3A865,00000008,00000000,?,?,00E3C802,?,00000000,?,00000001,?), ref: 00E4035F
                                                                                                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00E3A865,00000008,00000000,?,?,00E3C802,?,00000000), ref: 00E40369
                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00E3A865,00000008,00000000,?,?,00E3C802,?,00000000), ref: 00E40379
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Thread pool initialization failed., xrefs: 00E40391
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                                                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                                                                                                                                  • Opcode ID: 087b45d8724e12d1f057cc3d838a245e762d581a4a2541e03cf744da2f272d36
                                                                                                                                                                                                                  • Instruction ID: a05ec9c93ed80d5b9ec2b608f1483bc8e9457fb7a17bd4172afd3c3079dff5a1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 087b45d8724e12d1f057cc3d838a245e762d581a4a2541e03cf744da2f272d36
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A91173B1500704AFC3215F76AC84AABFFECEB95794F10583EF2DAA2201D6B11980CB50
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                                                                                  • API String ID: 0-56093855
                                                                                                                                                                                                                  • Opcode ID: 96186e645cd2f02a8a052c71d40e82582db39119acd9cbecec290293017f88cf
                                                                                                                                                                                                                  • Instruction ID: 54a0e2b2ad5cc5e5166e56ea2bb1004e646dce3ede4509e260b8c16d52304f97
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96186e645cd2f02a8a052c71d40e82582db39119acd9cbecec290293017f88cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A01B572209205BFC341DF16FD40A23BBE5E789794F101426F689B3230D7729C589B62
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                                                                                                  • Opcode ID: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                                                                                                                                                                                                                  • Instruction ID: 17a2898e858bdcdccc3349e87f9bd3be4fdda645717b30395fbc1c7753287bf3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEA17931A043869FDB25CF18C9817BEBBE0EF55315F18596EEC89BB242CA348D49C751
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00E37F2C,?,?,?), ref: 00E3A03C
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00E37F2C,?,?), ref: 00E3A080
                                                                                                                                                                                                                  • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00E37F2C,?,?,?,?,?,?,?,?), ref: 00E3A101
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000000,?,00E37F2C,?,?,?,?,?,?,?,?,?,?,?), ref: 00E3A108
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Create$CloseHandleTime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2287278272-0
                                                                                                                                                                                                                  • Opcode ID: ab5d487a8f5cb22e737e98636dfccc1fb35339e02731cd1a08c2d6ea94f9d3c5
                                                                                                                                                                                                                  • Instruction ID: 81e3722c60d235caec77ea9fcba28f25ba05d4c7727eea5bf4b236bd1b35d817
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab5d487a8f5cb22e737e98636dfccc1fb35339e02731cd1a08c2d6ea94f9d3c5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB41C031248381AEE725DF24DC49BAEBBE99F84704F08192DF5D1E3181C6A4DA8CDB53
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00E5451B,?,00E5451B,?,00000001,?,?,00000001,00E5451B,00E5451B), ref: 00E5B637
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E5B6C0
                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E5B6D2
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00E5B6DB
                                                                                                                                                                                                                    • Part of subcall function 00E57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E52FA6,?,0000015D,?,?,?,?,00E54482,000000FF,00000000,?,?), ref: 00E57ABC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
• Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2652629310-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadBitmapW.USER32(00000065), ref: 00E4A508
                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00E4A529
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00E4A551
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00E4A570
                                                                                                                                                                                                                    • Part of subcall function 00E4963A: FindResourceW.KERNEL32(00000066,PNG,?,?,00E4A54A,00000066), ref: 00E4964B
                                                                                                                                                                                                                    • Part of subcall function 00E4963A: SizeofResource.KERNEL32(00000000,75295780,?,?,00E4A54A,00000066), ref: 00E49663
                                                                                                                                                                                                                    • Part of subcall function 00E4963A: LoadResource.KERNEL32(00000000,?,?,00E4A54A,00000066), ref: 00E49676
                                                                                                                                                                                                                    • Part of subcall function 00E4963A: LockResource.KERNEL32(00000000,?,?,00E4A54A,00000066), ref: 00E49681
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 142272564-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 00E51AA0
                                                                                                                                                                                                                    • Part of subcall function 00E520D8: ___AdjustPointer.LIBCMT ref: 00E52122
                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 00E51AB7
                                                                                                                                                                                                                  • ___FrameUnwindToState.LIBVCRUNTIME ref: 00E51AC9
                                                                                                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00E51AED
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2633735394-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00E515E6
                                                                                                                                                                                                                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00E515EB
                                                                                                                                                                                                                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00E515F0
                                                                                                                                                                                                                    • Part of subcall function 00E5268E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00E5269F
                                                                                                                                                                                                                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00E51605
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1761009282-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E4960F: GetDC.USER32(00000000), ref: 00E49613
                                                                                                                                                                                                                    • Part of subcall function 00E4960F: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E4961E
                                                                                                                                                                                                                    • Part of subcall function 00E4960F: ReleaseDC.USER32(00000000,00000000), ref: 00E49629
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00E4978E
                                                                                                                                                                                                                    • Part of subcall function 00E49954: GetDC.USER32(00000000), ref: 00E4995D
                                                                                                                                                                                                                    • Part of subcall function 00E49954: GetObjectW.GDI32(?,00000018,?), ref: 00E4998C
                                                                                                                                                                                                                    • Part of subcall function 00E49954: ReleaseDC.USER32(00000000,?), ref: 00E49A20
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                  • API String ID: 1061551593-3887548279
                                                                                                                                                                                                                  • Opcode ID: 18558524f4c0ced110fe78eaff564ebf07e0989355ec3d9f7444e8745ca95cdf
                                                                                                                                                                                                                  • Instruction ID: f9cd5acf72f2fedf8385455ffe16c7fa84ac29c226a960d5e9a1f3c713e29ec4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18558524f4c0ced110fe78eaff564ebf07e0989355ec3d9f7444e8745ca95cdf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63613471608340AFD214CF65D888E6BBBE8FF89744F10491DF699EB261D771E805CB62
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _swprintf
                                                                                                                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                                                                                                                  • API String ID: 589789837-2259941744
                                                                                                                                                                                                                  • Opcode ID: 475a9b625d733c2a606e197a19733fdfec5b0a31c73af6269760f28837885dea
                                                                                                                                                                                                                  • Instruction ID: 28d835b03ad4e3b2d16e50c6a6545589caa7a9032c60dcb852c3a587efdb4980
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 475a9b625d733c2a606e197a19733fdfec5b0a31c73af6269760f28837885dea
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B05130356CC301FAE6211F90BD46F7679A9DB05B08F20B936F7CA784D2D5B16920B70A
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00E37575
                                                                                                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E37711
                                                                                                                                                                                                                    • Part of subcall function 00E3A12F: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E39F65,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E3A143
                                                                                                                                                                                                                    • Part of subcall function 00E3A12F: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E39F65,?,?,?,00E39DFE,?,00000001,00000000,?,?), ref: 00E3A174
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Attributes$H_prologTime
                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                  • API String ID: 1861295151-336475711
                                                                                                                                                                                                                  • Opcode ID: cee5d0b7c4d0e6326339b894dae33fc4ef94e7b8118f1137352cea0b4c249bd8
                                                                                                                                                                                                                  • Instruction ID: 093cb12d134f37e44548ccceba97078d2d7bd0fc6a3873d2e034cd17ee71aa90
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cee5d0b7c4d0e6326339b894dae33fc4ef94e7b8118f1137352cea0b4c249bd8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD4171B1905118AADB35EB64DC9EEEE7BBCAF44340F0050D9B545B6092DB705F88CB61
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: UNC$\\?\
                                                                                                                                                                                                                  • API String ID: 0-253988292
                                                                                                                                                                                                                  • Opcode ID: c39c21058e43886665b68e2427030b63e165df300a21a7aed44fa6022bda623d
                                                                                                                                                                                                                  • Instruction ID: 6f1bff23cd5f9e35b799dbb92b4d9f430fc12cddd3cb45fa0367f8bc449ba7bc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c39c21058e43886665b68e2427030b63e165df300a21a7aed44fa6022bda623d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A741EA318442187ACF20AF61DC09EEB3FA9AF05395F00A465FB6AB3142F7749D90C794
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069651860.0000000000E30000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E6D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E74000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E84000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E8C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069747431.0000000000E90000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2069889877.0000000000E91000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Shell.Explorer$about:blank
                                                                                                                                                                                                                  • API String ID: 0-874089819
                                                                                                                                                                                                                  • Opcode ID: 40d47d90817e83945a3e69e173e1773edb6de9e272086cf15c90952d3e764f8b
                                                                                                                                                                                                                  • Instruction ID: b249263c82df0eaf87a6166e0edef67c41ccdadec56c53f2d3bd9a8cc8e2e0e2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40d47d90817e83945a3e69e173e1773edb6de9e272086cf15c90952d3e764f8b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16218171740706BFC744DFB0E891E6AB3A8BF45354F04A21AF215AB682DFB0E811DB90
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowVisible.USER32(00030442), ref: 00E4CA6D
                                                                                                                                                                                                                  • DialogBoxParamW.USER32(GETPASSWORD1,00030442,00E4A0B0,?,?), ref: 00E4CAA9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DialogParamVisibleWindow
                                                                                                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                                                                                                  • API String ID: 3157717868-3292211884
                                                                                                                                                                                                                  • Opcode ID: ae2189e06e70085531ec95fc9173267d74403622be48283021b2e57018c91472
                                                                                                                                                                                                                  • Instruction ID: 3fca947422ac3d95a7934713965f256df10e57d0a7a9c7f8f0a8a9d1b49d54eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae2189e06e70085531ec95fc9173267d74403622be48283021b2e57018c91472
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 001157327442086ADB12DE75BC06BAB37D9BB49760F185079FE4EB7180C6F05C84E7A4
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00E3D70B: _swprintf.LIBCMT ref: 00E3D731
                                                                                                                                                                                                                    • Part of subcall function 00E3D70B: _strlen.LIBCMT ref: 00E3D752
                                                                                                                                                                                                                    • Part of subcall function 00E3D70B: SetDlgItemTextW.USER32(?,00E6D154,?), ref: 00E3D7B2
                                                                                                                                                                                                                    • Part of subcall function 00E3D70B: GetWindowRect.USER32(?,?), ref: 00E3D7EC
                                                                                                                                                                                                                    • Part of subcall function 00E3D70B: GetClientRect.USER32(?,?), ref: 00E3D7F8
                                                                                                                                                                                                                  • GetDlgItem.USER32(00000000,00003021), ref: 00E3131B
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,00E622E4), ref: 00E31331
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                  • API String ID: 2622349952-4108050209
                                                                                                                                                                                                                  • Opcode ID: 97cff4ea769f3a3964e02109f2397e6b4c90130679c60e1178536403c882d0d3
                                                                                                                                                                                                                  • Instruction ID: 26cf6f31044604cbfa729d3ae499703bd411ee2e1bcb47d50fccaeebfa075127
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97cff4ea769f3a3964e02109f2397e6b4c90130679c60e1178536403c882d0d3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F0A470684248ABDF160F219C0DBE93F99AF04388F01A458FC49714A1CBB4C554DB10
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00E405D9,?,?,00E4064E,?,?,?,?,?,00E40638), ref: 00E404C0
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00E4064E,?,?,?,?,?,00E40638), ref: 00E404CC
                                                                                                                                                                                                                    • Part of subcall function 00E36CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E36CEC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00E404D5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                                                                                                  • API String ID: 1091760877-2248577382
                                                                                                                                                                                                                  • Opcode ID: ce8832f6d4317db7d77d4aec1b187af582328e974582ee2202f1c9143566a71e
                                                                                                                                                                                                                  • Instruction ID: aa2af198e9445e7ab511e57a782789f2a0ceaf5626440c27da77d3ea6b856f53
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8832f6d4317db7d77d4aec1b187af582328e974582ee2202f1c9143566a71e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9D017315499227AD60027247C0AAAFB9169B523B0F64E72CF779B52E6CA6008968295
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00E3CFBE,?), ref: 00E3D6C6
                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00E3CFBE,?), ref: 00E3D6D4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2069677814.0000000000E31000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_e30000_version-checker-win-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                                                                                                                  • String ID: RTL
                                                                                                                                                                                                                  • API String ID: 3537982541-834975271
                                                                                                                                                                                                                  • Opcode ID: 7670ba440c692391c8a8b68384cd3c2345abf7657754c48d5959938fbee9a1a9
                                                                                                                                                                                                                  • Instruction ID: 98ac77e6158aab7854e934c98ef3bbb3b02db26dc6eb3f4d2da970ced691a796
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7670ba440c692391c8a8b68384cd3c2345abf7657754c48d5959938fbee9a1a9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94C01231285B116ADB7017317D0DB472D4C6B01BA1F15144CF345F91D0D9E9C444C750

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:10.5%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                  Total number of Limit Nodes:69
15797 7ff70e8a4c50 15796->15797 15798 7ff70e8a4c5d FileTimeToSystemTime 15796->15798 15797->15798 15800 7ff70e8a4c58 15797->15800 15799 7ff70e8a4c71 SystemTimeToTzSpecificLocalTime 15798->15799 15798->15800 15799->15800 15801 7ff70e89b870 _log10_special 8 API calls 15800->15801 15802 7ff70e8a4b49 15801->15802 15802->15742 15804 7ff70e89b879 15803->15804 15805 7ff70e89b884 15804->15805 15806 7ff70e89bc00 IsProcessorFeaturePresent 15804->15806 15805->15713 15805->15714 15807 7ff70e89bc18 15806->15807 15812 7ff70e89bdf8 RtlCaptureContext 15807->15812 15813 7ff70e89be12 RtlLookupFunctionEntry 15812->15813 15814 7ff70e89bc2b 15813->15814 15815 7ff70e89be28 RtlVirtualUnwind 15813->15815 15816 7ff70e89bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15814->15816 15815->15813 15815->15814 15818 7ff70e8a9ab3 15817->15818 15821 7ff70e8a9b24 15818->15821 15820 7ff70e8a9ada 15820->15752 15831 7ff70e8a986c 15821->15831 15824 7ff70e8a9b5f 15824->15820 15832 7ff70e8a98c3 15831->15832 15833 7ff70e8a9888 GetLastError 15831->15833 15832->15824 15837 7ff70e8a98d8 15832->15837 15834 7ff70e8a9898 15833->15834 15844 7ff70e8aa6a0 15834->15844 15838 7ff70e8a98f4 GetLastError SetLastError 15837->15838 15839 7ff70e8a990c 15837->15839 15838->15839 15839->15824 15840 7ff70e8a9c10 IsProcessorFeaturePresent 15839->15840 15841 7ff70e8a9c23 15840->15841 15861 7ff70e8a9924 15841->15861 15845 7ff70e8aa6bf FlsGetValue 15844->15845 15846 7ff70e8aa6da FlsSetValue 15844->15846 15847 7ff70e8aa6d4 15845->15847 15849 7ff70e8a98b3 SetLastError 15845->15849 15848 7ff70e8aa6e7 15846->15848 15846->15849 15847->15846 15850 7ff70e8adea8 _get_daylight 11 API calls 15848->15850 15849->15832 15851 7ff70e8aa6f6 15850->15851 15852 7ff70e8aa714 FlsSetValue 15851->15852 15853 7ff70e8aa704 FlsSetValue 15851->15853 15854 7ff70e8aa732 15852->15854 15855 7ff70e8aa720 FlsSetValue 15852->15855 15856 7ff70e8aa70d 15853->15856 15857 7ff70e8aa204 _get_daylight 11 API calls 
15854->15857 15855->15856 15858 7ff70e8a9c58 __free_lconv_mon 11 API calls 15856->15858 15859 7ff70e8aa73a 15857->15859 15858->15849 15860 7ff70e8a9c58 __free_lconv_mon 11 API calls 15859->15860 15860->15849 15862 7ff70e8a995e _isindst __scrt_get_show_window_mode 15861->15862 15863 7ff70e8a9986 RtlCaptureContext RtlLookupFunctionEntry 15862->15863 15864 7ff70e8a99c0 RtlVirtualUnwind 15863->15864 15865 7ff70e8a99f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15863->15865 15864->15865 15867 7ff70e8a9a48 _isindst 15865->15867 15866 7ff70e89b870 _log10_special 8 API calls 15868 7ff70e8a9a67 GetCurrentProcess TerminateProcess 15866->15868 15867->15866 15870 7ff70e8a71a2 15869->15870 15871 7ff70e8a7134 15869->15871 15906 7ff70e8afad0 15870->15906 15871->15870 15873 7ff70e8a7139 15871->15873 15874 7ff70e8a7151 15873->15874 15875 7ff70e8a716e 15873->15875 15881 7ff70e8a6ee8 GetFullPathNameW 15874->15881 15889 7ff70e8a6f5c GetFullPathNameW 15875->15889 15880 7ff70e8a7166 __std_exception_destroy 15880->15762 15882 7ff70e8a6f24 15881->15882 15883 7ff70e8a6f0e GetLastError 15881->15883 15887 7ff70e8a43f4 _get_daylight 11 API calls 15882->15887 15888 7ff70e8a6f20 15882->15888 15884 7ff70e8a4368 _fread_nolock 11 API calls 15883->15884 15885 7ff70e8a6f1b 15884->15885 15886 7ff70e8a43f4 _get_daylight 11 API calls 15885->15886 15886->15888 15887->15888 15888->15880 15890 7ff70e8a6f8f GetLastError 15889->15890 15894 7ff70e8a6fa5 __std_exception_destroy 15889->15894 15891 7ff70e8a4368 _fread_nolock 11 API calls 15890->15891 15892 7ff70e8a6f9c 15891->15892 15893 7ff70e8a43f4 _get_daylight 11 API calls 15892->15893 15895 7ff70e8a6fa1 15893->15895 15894->15895 15896 7ff70e8a6fff GetFullPathNameW 15894->15896 15897 7ff70e8a7034 15895->15897 15896->15890 15896->15895 15900 7ff70e8a70a8 memcpy_s 15897->15900 15901 7ff70e8a705d __scrt_get_show_window_mode 15897->15901 15898 7ff70e8a7091 15899 7ff70e8a43f4 _get_daylight 11 API calls 15898->15899 15905 7ff70e8a7096 
15899->15905 15900->15880 15901->15898 15901->15900 15902 7ff70e8a70ca 15901->15902 15902->15900 15904 7ff70e8a43f4 _get_daylight 11 API calls 15902->15904 15903 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 15903->15900 15904->15905 15905->15903 15909 7ff70e8af8e0 15906->15909 15910 7ff70e8af922 15909->15910 15911 7ff70e8af90b 15909->15911 15913 7ff70e8af926 15910->15913 15914 7ff70e8af947 15910->15914 15912 7ff70e8a43f4 _get_daylight 11 API calls 15911->15912 15916 7ff70e8af910 15912->15916 15935 7ff70e8afa4c 15913->15935 15947 7ff70e8ae8c8 15914->15947 15920 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 15916->15920 15918 7ff70e8af94c 15923 7ff70e8af9f1 15918->15923 15930 7ff70e8af973 15918->15930 15934 7ff70e8af91b __std_exception_destroy 15920->15934 15921 7ff70e8af92f 15922 7ff70e8a43d4 _fread_nolock 11 API calls 15921->15922 15924 7ff70e8af934 15922->15924 15923->15911 15925 7ff70e8af9f9 15923->15925 15927 7ff70e8a43f4 _get_daylight 11 API calls 15924->15927 15928 7ff70e8a6ee8 13 API calls 15925->15928 15926 7ff70e89b870 _log10_special 8 API calls 15929 7ff70e8afa41 15926->15929 15927->15916 15928->15934 15929->15880 15931 7ff70e8a6f5c 14 API calls 15930->15931 15932 7ff70e8af9b7 15931->15932 15933 7ff70e8a7034 37 API calls 15932->15933 15932->15934 15933->15934 15934->15926 15936 7ff70e8afa96 15935->15936 15937 7ff70e8afa66 15935->15937 15938 7ff70e8afaa1 GetDriveTypeW 15936->15938 15940 7ff70e8afa81 15936->15940 15939 7ff70e8a43d4 _fread_nolock 11 API calls 15937->15939 15938->15940 15941 7ff70e8afa6b 15939->15941 15942 7ff70e89b870 _log10_special 8 API calls 15940->15942 15943 7ff70e8a43f4 _get_daylight 11 API calls 15941->15943 15944 7ff70e8af92b 15942->15944 15945 7ff70e8afa76 15943->15945 15944->15918 15944->15921 15946 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 15945->15946 15946->15940 15961 7ff70e8b97e0 15947->15961 15950 7ff70e8ae915 15953 7ff70e89b870 _log10_special 8 API calls 15950->15953 15951 7ff70e8ae93c 15952 
7ff70e8adea8 _get_daylight 11 API calls 15951->15952 15954 7ff70e8ae94b 15952->15954 15955 7ff70e8ae9a9 15953->15955 15956 7ff70e8ae955 GetCurrentDirectoryW 15954->15956 15957 7ff70e8ae964 15954->15957 15955->15918 15956->15957 15958 7ff70e8ae969 15956->15958 15959 7ff70e8a43f4 _get_daylight 11 API calls 15957->15959 15960 7ff70e8a9c58 __free_lconv_mon 11 API calls 15958->15960 15959->15958 15960->15950 15962 7ff70e8ae8fe GetCurrentDirectoryW 15961->15962 15962->15950 15962->15951 15964 7ff70e8aea41 15963->15964 15965 7ff70e8aea65 15963->15965 15964->15965 15966 7ff70e8aea46 15964->15966 15967 7ff70e8aea9f 15965->15967 15970 7ff70e8aeabe 15965->15970 15968 7ff70e8a43f4 _get_daylight 11 API calls 15966->15968 15969 7ff70e8a43f4 _get_daylight 11 API calls 15967->15969 15971 7ff70e8aea4b 15968->15971 15972 7ff70e8aeaa4 15969->15972 15980 7ff70e8a4178 15970->15980 15974 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 15971->15974 15975 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 15972->15975 15976 7ff70e8aea56 15974->15976 15977 7ff70e8aeaaf 15975->15977 15976->15783 15977->15783 15978 7ff70e8aeacb 15978->15977 15979 7ff70e8af7ec 51 API calls 15978->15979 15979->15978 15981 7ff70e8a419c 15980->15981 15987 7ff70e8a4197 15980->15987 15981->15987 15988 7ff70e8aa460 GetLastError 15981->15988 15987->15978 15989 7ff70e8aa4a1 FlsSetValue 15988->15989 15990 7ff70e8aa484 FlsGetValue 15988->15990 15991 7ff70e8aa491 15989->15991 15993 7ff70e8aa4b3 15989->15993 15990->15991 15992 7ff70e8aa49b 15990->15992 15994 7ff70e8aa50d SetLastError 15991->15994 15992->15989 15995 7ff70e8adea8 _get_daylight 11 API calls 15993->15995 15996 7ff70e8a41b7 15994->15996 15997 7ff70e8aa52d 15994->15997 15998 7ff70e8aa4c2 15995->15998 16010 7ff70e8acc94 15996->16010 16018 7ff70e8a9814 15997->16018 15999 7ff70e8aa4e0 FlsSetValue 15998->15999 16000 7ff70e8aa4d0 FlsSetValue 15998->16000 16003 7ff70e8aa4fe 15999->16003 16004 7ff70e8aa4ec FlsSetValue 15999->16004 16002 7ff70e8aa4d9 16000->16002 
16006 7ff70e8a9c58 __free_lconv_mon 11 API calls 16002->16006 16007 7ff70e8aa204 _get_daylight 11 API calls 16003->16007 16004->16002 16006->15991 16008 7ff70e8aa506 16007->16008 16009 7ff70e8a9c58 __free_lconv_mon 11 API calls 16008->16009 16009->15994 16011 7ff70e8a41da 16010->16011 16012 7ff70e8acca9 16010->16012 16014 7ff70e8acd00 16011->16014 16012->16011 16062 7ff70e8b2614 16012->16062 16015 7ff70e8acd15 16014->16015 16017 7ff70e8acd28 16014->16017 16015->16017 16075 7ff70e8b1960 16015->16075 16017->15987 16027 7ff70e8b2960 16018->16027 16053 7ff70e8b2918 16027->16053 16058 7ff70e8af5e8 EnterCriticalSection 16053->16058 16063 7ff70e8aa460 __CxxCallCatchBlock 45 API calls 16062->16063 16064 7ff70e8b2623 16063->16064 16065 7ff70e8b266e 16064->16065 16074 7ff70e8af5e8 EnterCriticalSection 16064->16074 16065->16011 16076 7ff70e8aa460 __CxxCallCatchBlock 45 API calls 16075->16076 16077 7ff70e8b1969 16076->16077 19883 7ff70e89be70 19884 7ff70e89be80 19883->19884 19900 7ff70e8a8ec0 19884->19900 19886 7ff70e89be8c 19906 7ff70e89c168 19886->19906 19888 7ff70e89c44c 7 API calls 19890 7ff70e89bf25 19888->19890 19889 7ff70e89bea4 _RTC_Initialize 19898 7ff70e89bef9 19889->19898 19911 7ff70e89c318 19889->19911 19892 7ff70e89beb9 19914 7ff70e8a832c 19892->19914 19898->19888 19899 7ff70e89bf15 19898->19899 19901 7ff70e8a8ed1 19900->19901 19902 7ff70e8a8ed9 19901->19902 19903 7ff70e8a43f4 _get_daylight 11 API calls 19901->19903 19902->19886 19904 7ff70e8a8ee8 19903->19904 19905 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 19904->19905 19905->19902 19907 7ff70e89c179 19906->19907 19910 7ff70e89c17e __scrt_acquire_startup_lock 19906->19910 19908 7ff70e89c44c 7 API calls 19907->19908 19907->19910 19909 7ff70e89c1f2 19908->19909 19910->19889 19939 7ff70e89c2dc 19911->19939 19913 7ff70e89c321 19913->19892 19915 7ff70e89bec5 19914->19915 19916 7ff70e8a834c 19914->19916 19915->19898 19938 7ff70e89c3ec InitializeSListHead 19915->19938 19917 7ff70e8a8354 19916->19917 19918 
7ff70e8a836a GetModuleFileNameW 19916->19918 19919 7ff70e8a43f4 _get_daylight 11 API calls 19917->19919 19922 7ff70e8a8395 19918->19922 19920 7ff70e8a8359 19919->19920 19921 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 19920->19921 19921->19915 19954 7ff70e8a82cc 19922->19954 19925 7ff70e8a83dd 19926 7ff70e8a43f4 _get_daylight 11 API calls 19925->19926 19927 7ff70e8a83e2 19926->19927 19930 7ff70e8a9c58 __free_lconv_mon 11 API calls 19927->19930 19928 7ff70e8a8417 19931 7ff70e8a9c58 __free_lconv_mon 11 API calls 19928->19931 19929 7ff70e8a83f5 19929->19928 19932 7ff70e8a8443 19929->19932 19933 7ff70e8a845c 19929->19933 19930->19915 19931->19915 19934 7ff70e8a9c58 __free_lconv_mon 11 API calls 19932->19934 19936 7ff70e8a9c58 __free_lconv_mon 11 API calls 19933->19936 19935 7ff70e8a844c 19934->19935 19937 7ff70e8a9c58 __free_lconv_mon 11 API calls 19935->19937 19936->19928 19937->19915 19940 7ff70e89c2f6 19939->19940 19942 7ff70e89c2ef 19939->19942 19943 7ff70e8a94fc 19940->19943 19942->19913 19946 7ff70e8a9138 19943->19946 19953 7ff70e8af5e8 EnterCriticalSection 19946->19953 19955 7ff70e8a82e4 19954->19955 19959 7ff70e8a831c 19954->19959 19956 7ff70e8adea8 _get_daylight 11 API calls 19955->19956 19955->19959 19957 7ff70e8a8312 19956->19957 19958 7ff70e8a9c58 __free_lconv_mon 11 API calls 19957->19958 19958->19959 19959->19925 19959->19929 19524 7ff70e8b9ef3 19525 7ff70e8b9f03 19524->19525 19528 7ff70e8a4788 LeaveCriticalSection 19525->19528 19601 7ff70e8aa2e0 19602 7ff70e8aa2fa 19601->19602 19603 7ff70e8aa2e5 19601->19603 19607 7ff70e8aa300 19603->19607 19608 7ff70e8aa342 19607->19608 19609 7ff70e8aa34a 19607->19609 19610 7ff70e8a9c58 __free_lconv_mon 11 API calls 19608->19610 19611 7ff70e8a9c58 __free_lconv_mon 11 API calls 19609->19611 19610->19609 19612 7ff70e8aa357 19611->19612 19613 7ff70e8a9c58 __free_lconv_mon 11 API calls 19612->19613 19614 7ff70e8aa364 19613->19614 19615 7ff70e8a9c58 __free_lconv_mon 11 API calls 19614->19615 19616 7ff70e8aa371 
19615->19616 19617 7ff70e8a9c58 __free_lconv_mon 11 API calls 19616->19617 19618 7ff70e8aa37e 19617->19618 19619 7ff70e8a9c58 __free_lconv_mon 11 API calls 19618->19619 19620 7ff70e8aa38b 19619->19620 19621 7ff70e8a9c58 __free_lconv_mon 11 API calls 19620->19621 19622 7ff70e8aa398 19621->19622 19623 7ff70e8a9c58 __free_lconv_mon 11 API calls 19622->19623 19624 7ff70e8aa3a5 19623->19624 19625 7ff70e8a9c58 __free_lconv_mon 11 API calls 19624->19625 19626 7ff70e8aa3b5 19625->19626 19627 7ff70e8a9c58 __free_lconv_mon 11 API calls 19626->19627 19628 7ff70e8aa3c5 19627->19628 19633 7ff70e8aa1a4 19628->19633 19647 7ff70e8af5e8 EnterCriticalSection 19633->19647 20031 7ff70e8a9060 20034 7ff70e8a8fe4 20031->20034 20041 7ff70e8af5e8 EnterCriticalSection 20034->20041 16095 7ff70e8afbd8 16096 7ff70e8afbfc 16095->16096 16098 7ff70e8afc0c 16095->16098 16097 7ff70e8a43f4 _get_daylight 11 API calls 16096->16097 16116 7ff70e8afc01 16097->16116 16099 7ff70e8afeec 16098->16099 16100 7ff70e8afc2e 16098->16100 16101 7ff70e8a43f4 _get_daylight 11 API calls 16099->16101 16102 7ff70e8afc4f 16100->16102 16244 7ff70e8b0294 16100->16244 16103 7ff70e8afef1 16101->16103 16106 7ff70e8afcc1 16102->16106 16108 7ff70e8afc75 16102->16108 16112 7ff70e8afcb5 16102->16112 16105 7ff70e8a9c58 __free_lconv_mon 11 API calls 16103->16105 16105->16116 16110 7ff70e8adea8 _get_daylight 11 API calls 16106->16110 16126 7ff70e8afc84 16106->16126 16107 7ff70e8afd6e 16120 7ff70e8afd8b 16107->16120 16127 7ff70e8afddd 16107->16127 16259 7ff70e8a89d8 16108->16259 16113 7ff70e8afcd7 16110->16113 16112->16107 16112->16126 16265 7ff70e8b643c 16112->16265 16117 7ff70e8a9c58 __free_lconv_mon 11 API calls 16113->16117 16115 7ff70e8a9c58 __free_lconv_mon 11 API calls 16115->16116 16122 7ff70e8afce5 16117->16122 16118 7ff70e8afc7f 16123 7ff70e8a43f4 _get_daylight 11 API calls 16118->16123 16119 7ff70e8afc9d 16119->16112 16125 7ff70e8b0294 45 API calls 16119->16125 16121 7ff70e8a9c58 __free_lconv_mon 11 API calls 16120->16121 
16124 7ff70e8afd94 16121->16124 16122->16112 16122->16126 16130 7ff70e8adea8 _get_daylight 11 API calls 16122->16130 16123->16126 16136 7ff70e8afd99 16124->16136 16301 7ff70e8b26ec 16124->16301 16125->16112 16126->16115 16127->16126 16128 7ff70e8b26ec 40 API calls 16127->16128 16129 7ff70e8afe1a 16128->16129 16131 7ff70e8a9c58 __free_lconv_mon 11 API calls 16129->16131 16133 7ff70e8afd07 16130->16133 16134 7ff70e8afe24 16131->16134 16138 7ff70e8a9c58 __free_lconv_mon 11 API calls 16133->16138 16134->16126 16134->16136 16135 7ff70e8afee0 16139 7ff70e8a9c58 __free_lconv_mon 11 API calls 16135->16139 16136->16135 16141 7ff70e8adea8 _get_daylight 11 API calls 16136->16141 16137 7ff70e8afdc5 16140 7ff70e8a9c58 __free_lconv_mon 11 API calls 16137->16140 16138->16112 16139->16116 16140->16136 16142 7ff70e8afe68 16141->16142 16143 7ff70e8afe70 16142->16143 16144 7ff70e8afe79 16142->16144 16146 7ff70e8a9c58 __free_lconv_mon 11 API calls 16143->16146 16226 7ff70e8a97b4 16144->16226 16148 7ff70e8afe77 16146->16148 16153 7ff70e8a9c58 __free_lconv_mon 11 API calls 16148->16153 16149 7ff70e8afe90 16310 7ff70e8b6554 16149->16310 16150 7ff70e8aff1b 16152 7ff70e8a9c10 _isindst 17 API calls 16150->16152 16155 7ff70e8aff2f 16152->16155 16153->16116 16158 7ff70e8aff58 16155->16158 16164 7ff70e8aff68 16155->16164 16156 7ff70e8afeb7 16159 7ff70e8a43f4 _get_daylight 11 API calls 16156->16159 16157 7ff70e8afed8 16161 7ff70e8a9c58 __free_lconv_mon 11 API calls 16157->16161 16160 7ff70e8a43f4 _get_daylight 11 API calls 16158->16160 16162 7ff70e8afebc 16159->16162 16163 7ff70e8aff5d 16160->16163 16161->16135 16166 7ff70e8a9c58 __free_lconv_mon 11 API calls 16162->16166 16165 7ff70e8b024b 16164->16165 16167 7ff70e8aff8a 16164->16167 16168 7ff70e8a43f4 _get_daylight 11 API calls 16165->16168 16166->16148 16169 7ff70e8affa7 16167->16169 16329 7ff70e8b037c 16167->16329 16170 7ff70e8b0250 16168->16170 16173 7ff70e8b001b 16169->16173 16174 7ff70e8b000f 16169->16174 16175 7ff70e8affcf 16169->16175 
16172 7ff70e8a9c58 __free_lconv_mon 11 API calls 16170->16172 16172->16163 16180 7ff70e8adea8 _get_daylight 11 API calls 16173->16180 16188 7ff70e8affde 16173->16188 16196 7ff70e8b0043 16173->16196 16174->16188 16191 7ff70e8b00ce 16174->16191 16350 7ff70e8b62fc 16174->16350 16344 7ff70e8a8a14 16175->16344 16178 7ff70e8adea8 _get_daylight 11 API calls 16182 7ff70e8b0065 16178->16182 16179 7ff70e8a9c58 __free_lconv_mon 11 API calls 16179->16163 16184 7ff70e8b0035 16180->16184 16189 7ff70e8a9c58 __free_lconv_mon 11 API calls 16182->16189 16183 7ff70e8b00eb 16190 7ff70e8a9c58 __free_lconv_mon 11 API calls 16183->16190 16192 7ff70e8a9c58 __free_lconv_mon 11 API calls 16184->16192 16185 7ff70e8affd9 16193 7ff70e8a43f4 _get_daylight 11 API calls 16185->16193 16186 7ff70e8afff7 16186->16174 16195 7ff70e8b037c 45 API calls 16186->16195 16187 7ff70e8b013e 16187->16188 16197 7ff70e8b26ec 40 API calls 16187->16197 16188->16179 16189->16174 16194 7ff70e8b00f4 16190->16194 16191->16183 16191->16187 16192->16196 16193->16188 16200 7ff70e8b26ec 40 API calls 16194->16200 16203 7ff70e8b00fa 16194->16203 16195->16174 16196->16174 16196->16178 16196->16188 16198 7ff70e8b017c 16197->16198 16199 7ff70e8a9c58 __free_lconv_mon 11 API calls 16198->16199 16201 7ff70e8b0186 16199->16201 16204 7ff70e8b0126 16200->16204 16201->16188 16201->16203 16202 7ff70e8b023f 16205 7ff70e8a9c58 __free_lconv_mon 11 API calls 16202->16205 16203->16202 16207 7ff70e8adea8 _get_daylight 11 API calls 16203->16207 16206 7ff70e8a9c58 __free_lconv_mon 11 API calls 16204->16206 16205->16163 16206->16203 16208 7ff70e8b01cb 16207->16208 16209 7ff70e8b01d3 16208->16209 16210 7ff70e8b01dc 16208->16210 16212 7ff70e8a9c58 __free_lconv_mon 11 API calls 16209->16212 16235 7ff70e8af784 16210->16235 16213 7ff70e8b01da 16212->16213 16220 7ff70e8a9c58 __free_lconv_mon 11 API calls 16213->16220 16215 7ff70e8b01f2 SetEnvironmentVariableW 16217 7ff70e8b0216 16215->16217 16218 7ff70e8b0237 16215->16218 16216 7ff70e8b027f 16219 
7ff70e8a9c10 _isindst 17 API calls 16216->16219 16221 7ff70e8a43f4 _get_daylight 11 API calls 16217->16221 16223 7ff70e8a9c58 __free_lconv_mon 11 API calls 16218->16223 16222 7ff70e8b0293 16219->16222 16220->16163 16224 7ff70e8b021b 16221->16224 16223->16202 16225 7ff70e8a9c58 __free_lconv_mon 11 API calls 16224->16225 16225->16213 16227 7ff70e8a97c1 16226->16227 16228 7ff70e8a97cb 16226->16228 16227->16228 16233 7ff70e8a97e6 16227->16233 16229 7ff70e8a43f4 _get_daylight 11 API calls 16228->16229 16230 7ff70e8a97d2 16229->16230 16231 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16230->16231 16232 7ff70e8a97de 16231->16232 16232->16149 16232->16150 16233->16232 16234 7ff70e8a43f4 _get_daylight 11 API calls 16233->16234 16234->16230 16236 7ff70e8af791 16235->16236 16237 7ff70e8af79b 16235->16237 16236->16237 16242 7ff70e8af7b7 16236->16242 16238 7ff70e8a43f4 _get_daylight 11 API calls 16237->16238 16239 7ff70e8af7a3 16238->16239 16240 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16239->16240 16241 7ff70e8af7af 16240->16241 16241->16215 16241->16216 16242->16241 16243 7ff70e8a43f4 _get_daylight 11 API calls 16242->16243 16243->16239 16245 7ff70e8b02b1 16244->16245 16246 7ff70e8b02c9 16244->16246 16245->16102 16247 7ff70e8adea8 _get_daylight 11 API calls 16246->16247 16254 7ff70e8b02ed 16247->16254 16248 7ff70e8b0372 16250 7ff70e8a9814 __CxxCallCatchBlock 45 API calls 16248->16250 16249 7ff70e8b034e 16251 7ff70e8a9c58 __free_lconv_mon 11 API calls 16249->16251 16252 7ff70e8b0378 16250->16252 16251->16245 16253 7ff70e8adea8 _get_daylight 11 API calls 16253->16254 16254->16248 16254->16249 16254->16253 16255 7ff70e8a9c58 __free_lconv_mon 11 API calls 16254->16255 16256 7ff70e8a97b4 __std_exception_copy 37 API calls 16254->16256 16257 7ff70e8b035d 16254->16257 16255->16254 16256->16254 16258 7ff70e8a9c10 _isindst 17 API calls 16257->16258 16258->16248 16260 7ff70e8a89e8 16259->16260 16263 7ff70e8a89f1 16259->16263 16260->16263 16374 7ff70e8a84b0 16260->16374 
16263->16118 16263->16119 16266 7ff70e8b5564 16265->16266 16267 7ff70e8b6449 16265->16267 16268 7ff70e8b5571 16266->16268 16275 7ff70e8b55a7 16266->16275 16269 7ff70e8a4178 45 API calls 16267->16269 16271 7ff70e8a43f4 _get_daylight 11 API calls 16268->16271 16285 7ff70e8b5518 16268->16285 16272 7ff70e8b647d 16269->16272 16270 7ff70e8b55d1 16273 7ff70e8a43f4 _get_daylight 11 API calls 16270->16273 16274 7ff70e8b557b 16271->16274 16276 7ff70e8b6493 16272->16276 16279 7ff70e8b64aa 16272->16279 16284 7ff70e8b6482 16272->16284 16277 7ff70e8b55d6 16273->16277 16278 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16274->16278 16275->16270 16283 7ff70e8b55f6 16275->16283 16280 7ff70e8a43f4 _get_daylight 11 API calls 16276->16280 16281 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16277->16281 16282 7ff70e8b5586 16278->16282 16287 7ff70e8b64c6 16279->16287 16288 7ff70e8b64b4 16279->16288 16286 7ff70e8b6498 16280->16286 16292 7ff70e8b55e1 16281->16292 16282->16112 16289 7ff70e8a4178 45 API calls 16283->16289 16283->16292 16284->16112 16285->16112 16290 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16286->16290 16293 7ff70e8b64d7 16287->16293 16294 7ff70e8b64ee 16287->16294 16291 7ff70e8a43f4 _get_daylight 11 API calls 16288->16291 16289->16292 16290->16284 16297 7ff70e8b64b9 16291->16297 16292->16112 16628 7ff70e8b55b4 16293->16628 16637 7ff70e8b825c 16294->16637 16299 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16297->16299 16299->16284 16300 7ff70e8a43f4 _get_daylight 11 API calls 16300->16284 16302 7ff70e8b270e 16301->16302 16303 7ff70e8b272b 16301->16303 16302->16303 16304 7ff70e8b271c 16302->16304 16305 7ff70e8b2735 16303->16305 16677 7ff70e8b6f48 16303->16677 16306 7ff70e8a43f4 _get_daylight 11 API calls 16304->16306 16684 7ff70e8b6f84 16305->16684 16309 7ff70e8b2721 __scrt_get_show_window_mode 16306->16309 16309->16137 16311 7ff70e8a4178 45 API calls 16310->16311 16312 7ff70e8b65ba 16311->16312 16313 7ff70e8b65c8 16312->16313 16696 7ff70e8ae234 
16312->16696 16699 7ff70e8a47bc 16313->16699 16317 7ff70e8b66b4 16320 7ff70e8a9c58 __free_lconv_mon 11 API calls 16317->16320 16322 7ff70e8b66c5 16317->16322 16318 7ff70e8a4178 45 API calls 16319 7ff70e8b6637 16318->16319 16323 7ff70e8ae234 5 API calls 16319->16323 16326 7ff70e8b6640 16319->16326 16320->16322 16321 7ff70e8afeb3 16321->16156 16321->16157 16322->16321 16324 7ff70e8a9c58 __free_lconv_mon 11 API calls 16322->16324 16323->16326 16324->16321 16325 7ff70e8a47bc 14 API calls 16327 7ff70e8b669b 16325->16327 16326->16325 16327->16317 16328 7ff70e8b66a3 SetEnvironmentVariableW 16327->16328 16328->16317 16330 7ff70e8b03bc 16329->16330 16336 7ff70e8b039f 16329->16336 16331 7ff70e8adea8 _get_daylight 11 API calls 16330->16331 16339 7ff70e8b03e0 16331->16339 16332 7ff70e8b0441 16335 7ff70e8a9c58 __free_lconv_mon 11 API calls 16332->16335 16333 7ff70e8a9814 __CxxCallCatchBlock 45 API calls 16334 7ff70e8b046a 16333->16334 16335->16336 16336->16169 16337 7ff70e8adea8 _get_daylight 11 API calls 16337->16339 16338 7ff70e8a9c58 __free_lconv_mon 11 API calls 16338->16339 16339->16332 16339->16337 16339->16338 16340 7ff70e8af784 37 API calls 16339->16340 16341 7ff70e8b0450 16339->16341 16343 7ff70e8b0464 16339->16343 16340->16339 16342 7ff70e8a9c10 _isindst 17 API calls 16341->16342 16342->16343 16343->16333 16345 7ff70e8a8a24 16344->16345 16349 7ff70e8a8a2d 16344->16349 16345->16349 16721 7ff70e8a8524 16345->16721 16349->16185 16349->16186 16351 7ff70e8b6309 16350->16351 16352 7ff70e8b6336 16350->16352 16351->16352 16353 7ff70e8b630e 16351->16353 16355 7ff70e8b637a 16352->16355 16358 7ff70e8b6399 16352->16358 16372 7ff70e8b636e __crtLCMapStringW 16352->16372 16354 7ff70e8a43f4 _get_daylight 11 API calls 16353->16354 16356 7ff70e8b6313 16354->16356 16357 7ff70e8a43f4 _get_daylight 11 API calls 16355->16357 16359 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16356->16359 16360 7ff70e8b637f 16357->16360 16361 7ff70e8b63b5 16358->16361 16362 7ff70e8b63a3 16358->16362 
16363 7ff70e8b631e 16359->16363 16365 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16360->16365 16364 7ff70e8a4178 45 API calls 16361->16364 16366 7ff70e8a43f4 _get_daylight 11 API calls 16362->16366 16363->16174 16367 7ff70e8b63c2 16364->16367 16365->16372 16368 7ff70e8b63a8 16366->16368 16367->16372 16768 7ff70e8b7e18 16367->16768 16369 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 16368->16369 16369->16372 16372->16174 16373 7ff70e8a43f4 _get_daylight 11 API calls 16373->16372 16375 7ff70e8a84c9 16374->16375 16384 7ff70e8a84c5 16374->16384 16397 7ff70e8b1900 16375->16397 16380 7ff70e8a84e7 16423 7ff70e8a8594 16380->16423 16381 7ff70e8a84db 16382 7ff70e8a9c58 __free_lconv_mon 11 API calls 16381->16382 16382->16384 16384->16263 16389 7ff70e8a8804 16384->16389 16386 7ff70e8a9c58 __free_lconv_mon 11 API calls 16387 7ff70e8a850e 16386->16387 16388 7ff70e8a9c58 __free_lconv_mon 11 API calls 16387->16388 16388->16384 16390 7ff70e8a882d 16389->16390 16391 7ff70e8a8846 16389->16391 16390->16263 16391->16390 16392 7ff70e8adea8 _get_daylight 11 API calls 16391->16392 16393 7ff70e8a88d6 16391->16393 16394 7ff70e8afaf8 WideCharToMultiByte 16391->16394 16396 7ff70e8a9c58 __free_lconv_mon 11 API calls 16391->16396 16392->16391 16395 7ff70e8a9c58 __free_lconv_mon 11 API calls 16393->16395 16394->16391 16395->16390 16396->16391 16398 7ff70e8a84ce 16397->16398 16399 7ff70e8b190d 16397->16399 16403 7ff70e8b1c3c GetEnvironmentStringsW 16398->16403 16442 7ff70e8aa534 16399->16442 16404 7ff70e8a84d3 16403->16404 16405 7ff70e8b1c6c 16403->16405 16404->16380 16404->16381 16406 7ff70e8afaf8 WideCharToMultiByte 16405->16406 16407 7ff70e8b1cbd 16406->16407 16408 7ff70e8b1cc4 FreeEnvironmentStringsW 16407->16408 16409 7ff70e8ac90c _fread_nolock 12 API calls 16407->16409 16408->16404 16410 7ff70e8b1cd7 16409->16410 16411 7ff70e8b1cdf 16410->16411 16412 7ff70e8b1ce8 16410->16412 16414 7ff70e8a9c58 __free_lconv_mon 11 API calls 16411->16414 16413 7ff70e8afaf8 WideCharToMultiByte 
16412->16413 16415 7ff70e8b1d0b 16413->16415 16416 7ff70e8b1ce6 16414->16416 16417 7ff70e8b1d0f 16415->16417 16418 7ff70e8b1d19 16415->16418 16416->16408 16419 7ff70e8a9c58 __free_lconv_mon 11 API calls 16417->16419 16420 7ff70e8a9c58 __free_lconv_mon 11 API calls 16418->16420 16421 7ff70e8b1d17 FreeEnvironmentStringsW 16419->16421 16420->16421 16421->16404 16424 7ff70e8a85b9 16423->16424 16425 7ff70e8adea8 _get_daylight 11 API calls 16424->16425 16436 7ff70e8a85ef 16425->16436 16426 7ff70e8a9c58 __free_lconv_mon 11 API calls 16429 7ff70e8a84ef 16426->16429 16427 7ff70e8a866a 16428 7ff70e8a9c58 __free_lconv_mon 11 API calls 16427->16428 16428->16429 16429->16386 16430 7ff70e8adea8 _get_daylight 11 API calls 16430->16436 16431 7ff70e8a8659 16622 7ff70e8a87c0 16431->16622 16432 7ff70e8a97b4 __std_exception_copy 37 API calls 16432->16436 16435 7ff70e8a868f 16438 7ff70e8a9c10 _isindst 17 API calls 16435->16438 16436->16427 16436->16430 16436->16431 16436->16432 16436->16435 16439 7ff70e8a9c58 __free_lconv_mon 11 API calls 16436->16439 16440 7ff70e8a85f7 16436->16440 16437 7ff70e8a9c58 __free_lconv_mon 11 API calls 16437->16440 16441 7ff70e8a86a2 16438->16441 16439->16436 16440->16426 16443 7ff70e8aa560 FlsSetValue 16442->16443 16444 7ff70e8aa545 FlsGetValue 16442->16444 16445 7ff70e8aa552 16443->16445 16447 7ff70e8aa56d 16443->16447 16444->16445 16446 7ff70e8aa55a 16444->16446 16448 7ff70e8aa558 16445->16448 16449 7ff70e8a9814 __CxxCallCatchBlock 45 API calls 16445->16449 16446->16443 16450 7ff70e8adea8 _get_daylight 11 API calls 16447->16450 16462 7ff70e8b15d4 16448->16462 16451 7ff70e8aa5d5 16449->16451 16452 7ff70e8aa57c 16450->16452 16453 7ff70e8aa59a FlsSetValue 16452->16453 16454 7ff70e8aa58a FlsSetValue 16452->16454 16456 7ff70e8aa5a6 FlsSetValue 16453->16456 16457 7ff70e8aa5b8 16453->16457 16455 7ff70e8aa593 16454->16455 16458 7ff70e8a9c58 __free_lconv_mon 11 API calls 16455->16458 16456->16455 16459 7ff70e8aa204 _get_daylight 11 API calls 16457->16459 
7ff70e8a25a9 17750->17752 17753 7ff70e8a2902 17751->17753 17754 7ff70e8a2975 17751->17754 17755 7ff70e8a25e7 17751->17755 17752->17755 17756 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17752->17756 17757 7ff70e8a299f 17753->17757 17758 7ff70e8a2908 17753->17758 17759 7ff70e8a29cf 17754->17759 17760 7ff70e8a297a 17754->17760 17755->17721 17756->17755 17763 7ff70e8a0e70 38 API calls 17757->17763 17767 7ff70e8a290d 17758->17767 17771 7ff70e8a29de 17758->17771 17759->17757 17759->17771 17778 7ff70e8a2938 17759->17778 17761 7ff70e8a29af 17760->17761 17762 7ff70e8a297c 17760->17762 17765 7ff70e8a0a60 38 API calls 17761->17765 17764 7ff70e8a291d 17762->17764 17769 7ff70e8a298b 17762->17769 17763->17778 17766 7ff70e8a3224 47 API calls 17764->17766 17779 7ff70e8a2a0d 17764->17779 17765->17778 17766->17778 17767->17764 17770 7ff70e8a2950 17767->17770 17767->17778 17768 7ff70e8a1280 38 API calls 17768->17778 17769->17757 17773 7ff70e8a2990 17769->17773 17772 7ff70e8a36e0 47 API calls 17770->17772 17770->17779 17771->17768 17771->17779 17772->17778 17775 7ff70e8a3878 37 API calls 17773->17775 17773->17779 17774 7ff70e89b870 _log10_special 8 API calls 17776 7ff70e8a2ca3 17774->17776 17775->17778 17776->17721 17777 7ff70e8adb68 47 API calls 17777->17778 17778->17777 17778->17779 17779->17774 17828 7ff70e8a0034 17780->17828 17784 7ff70e8a3246 17783->17784 17785 7ff70e89fea0 12 API calls 17784->17785 17786 7ff70e8a328e 17785->17786 17787 7ff70e8ad880 46 API calls 17786->17787 17788 7ff70e8a3361 17787->17788 17789 7ff70e8a3ae0 45 API calls 17788->17789 17790 7ff70e8a3383 17788->17790 17789->17790 17791 7ff70e8a3ae0 45 API calls 17790->17791 17792 7ff70e8a340c 17790->17792 17791->17792 17792->17748 17794 7ff70e8a3760 17793->17794 17795 7ff70e8a36f8 17793->17795 17794->17748 17795->17794 17796 7ff70e8adb68 47 API calls 17795->17796 17796->17794 17798 7ff70e8a0ea3 17797->17798 17799 7ff70e8a0ed2 17798->17799 17801 7ff70e8a0f8f 17798->17801 17800 7ff70e89fea0 12 API calls 
17799->17800 17803 7ff70e8a0f0f 17799->17803 17800->17803 17802 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17801->17802 17802->17803 17803->17748 17805 7ff70e8a0a93 17804->17805 17806 7ff70e8a0ac2 17805->17806 17808 7ff70e8a0b7f 17805->17808 17807 7ff70e89fea0 12 API calls 17806->17807 17810 7ff70e8a0aff 17806->17810 17807->17810 17809 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17808->17809 17809->17810 17810->17748 17812 7ff70e8a12b3 17811->17812 17813 7ff70e8a12e2 17812->17813 17815 7ff70e8a139f 17812->17815 17814 7ff70e89fea0 12 API calls 17813->17814 17817 7ff70e8a131f 17813->17817 17814->17817 17816 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17815->17816 17816->17817 17817->17748 17819 7ff70e8adb90 17818->17819 17820 7ff70e8adbd5 17819->17820 17821 7ff70e8a3ae0 45 API calls 17819->17821 17823 7ff70e8adbbe __scrt_get_show_window_mode 17819->17823 17827 7ff70e8adb95 __scrt_get_show_window_mode 17819->17827 17820->17823 17824 7ff70e8afaf8 WideCharToMultiByte 17820->17824 17820->17827 17821->17820 17822 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17822->17827 17823->17822 17823->17827 17825 7ff70e8adcb1 17824->17825 17826 7ff70e8adcc6 GetLastError 17825->17826 17825->17827 17826->17823 17826->17827 17827->17748 17829 7ff70e8a0061 17828->17829 17830 7ff70e8a0073 17828->17830 17831 7ff70e8a43f4 _get_daylight 11 API calls 17829->17831 17832 7ff70e8a0080 17830->17832 17838 7ff70e8a00bd 17830->17838 17833 7ff70e8a0066 17831->17833 17834 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 17832->17834 17835 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 17833->17835 17837 7ff70e8a0071 17834->17837 17835->17837 17836 7ff70e8a0166 17836->17837 17840 7ff70e8a43f4 _get_daylight 11 API calls 17836->17840 17837->17721 17838->17836 17839 7ff70e8a43f4 _get_daylight 11 API calls 17838->17839 17841 7ff70e8a015b 17839->17841 17842 7ff70e8a0210 17840->17842 17843 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 17841->17843 17844 
7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 17842->17844 17843->17836 17844->17837 17849 7ff70e8adf4d 17845->17849 17846 7ff70e8adf52 17847 7ff70e8a44fd 17846->17847 17848 7ff70e8a43f4 _get_daylight 11 API calls 17846->17848 17847->17701 17847->17708 17850 7ff70e8adf5c 17848->17850 17849->17846 17849->17847 17852 7ff70e8adf9c 17849->17852 17851 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 17850->17851 17851->17847 17852->17847 17853 7ff70e8a43f4 _get_daylight 11 API calls 17852->17853 17853->17850 17855 7ff70e8a7555 17854->17855 17856 7ff70e8a7568 17854->17856 17857 7ff70e8a43f4 _get_daylight 11 API calls 17855->17857 17864 7ff70e8a71cc 17856->17864 17859 7ff70e8a755a 17857->17859 17861 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 17859->17861 17862 7ff70e8a7566 17861->17862 17862->17036 17871 7ff70e8af5e8 EnterCriticalSection 17864->17871 17873 7ff70e897b91 GetTokenInformation 17872->17873 17874 7ff70e897c13 __std_exception_destroy 17872->17874 17875 7ff70e897bb2 GetLastError 17873->17875 17876 7ff70e897bbd 17873->17876 17877 7ff70e897c26 CloseHandle 17874->17877 17878 7ff70e897c2c 17874->17878 17875->17874 17875->17876 17876->17874 17879 7ff70e897bd9 GetTokenInformation 17876->17879 17877->17878 17878->17045 17879->17874 17880 7ff70e897bfc 17879->17880 17880->17874 17881 7ff70e897c06 ConvertSidToStringSidW 17880->17881 17881->17874 18058 7ff70e893f70 108 API calls 18057->18058 18059 7ff70e891463 18058->18059 18060 7ff70e89146b 18059->18060 18061 7ff70e89148c 18059->18061 18062 7ff70e8925f0 53 API calls 18060->18062 18063 7ff70e89f9f4 73 API calls 18061->18063 18064 7ff70e89147b 18062->18064 18065 7ff70e8914a1 18063->18065 18064->17104 18066 7ff70e8914c1 18065->18066 18067 7ff70e8914a5 18065->18067 18069 7ff70e8914f1 18066->18069 18070 7ff70e8914d1 18066->18070 18068 7ff70e892760 53 API calls 18067->18068 18076 7ff70e8914bc __std_exception_destroy 18068->18076 18072 7ff70e8914f7 18069->18072 18078 7ff70e89150a 18069->18078 18071 7ff70e892760 
53 API calls 18070->18071 18071->18076 18081 7ff70e8911f0 18072->18081 18073 7ff70e89f36c 74 API calls 18075 7ff70e891584 18073->18075 18075->17104 18076->18073 18077 7ff70e89f6bc _fread_nolock 53 API calls 18077->18078 18078->18076 18078->18077 18079 7ff70e891596 18078->18079 18080 7ff70e892760 53 API calls 18079->18080 18080->18076 18082 7ff70e891248 18081->18082 18083 7ff70e89124f 18082->18083 18084 7ff70e891277 18082->18084 18119 7ff70e893f1a 18118->18119 18120 7ff70e8986b0 2 API calls 18119->18120 18121 7ff70e893f3f 18120->18121 18122 7ff70e89b870 _log10_special 8 API calls 18121->18122 18123 7ff70e893f67 18122->18123 18123->17129 18125 7ff70e89753e 18124->18125 18126 7ff70e891bf0 49 API calls 18125->18126 18129 7ff70e897662 18125->18129 18132 7ff70e8975c5 18126->18132 18127 7ff70e89b870 _log10_special 8 API calls 18128 7ff70e897693 18127->18128 18128->17129 18129->18127 18130 7ff70e891bf0 49 API calls 18130->18132 18131 7ff70e893f10 10 API calls 18131->18132 18132->18129 18132->18130 18132->18131 18133 7ff70e8986b0 2 API calls 18132->18133 18134 7ff70e897633 CreateDirectoryW 18133->18134 18134->18129 18134->18132 18136 7ff70e8915d3 18135->18136 18137 7ff70e8915f7 18135->18137 18224 7ff70e891050 18136->18224 18138 7ff70e893f70 108 API calls 18137->18138 18140 7ff70e89160b 18138->18140 18142 7ff70e891613 18140->18142 18143 7ff70e89163b 18140->18143 18145 7ff70e892760 53 API calls 18142->18145 18146 7ff70e893f70 108 API calls 18143->18146 18148 7ff70e89162a 18145->18148 18149 7ff70e89164f 18146->18149 18148->17129 18174 7ff70e89694b 18173->18174 18176 7ff70e896904 18173->18176 18174->17129 18176->18174 18263 7ff70e8a4250 18176->18263 18178 7ff70e893b51 18177->18178 18179 7ff70e893e90 49 API calls 18178->18179 18180 7ff70e893b8b 18179->18180 18181 7ff70e893e90 49 API calls 18180->18181 18182 7ff70e893b9b 18181->18182 18183 7ff70e893bec 18182->18183 18184 7ff70e893bbd 18182->18184 18186 7ff70e893ac0 51 API calls 18183->18186 18278 7ff70e893ac0 18184->18278 18222 
7ff70e891bf0 49 API calls 18221->18222 18223 7ff70e893e24 18222->18223 18223->17129 18225 7ff70e893f70 108 API calls 18224->18225 18226 7ff70e89108b 18225->18226 18227 7ff70e891093 18226->18227 18228 7ff70e8910a8 18226->18228 18230 7ff70e8925f0 53 API calls 18227->18230 18229 7ff70e89f9f4 73 API calls 18228->18229 18264 7ff70e8a428a 18263->18264 18265 7ff70e8a425d 18263->18265 18266 7ff70e8a42ad 18264->18266 18269 7ff70e8a42c9 18264->18269 18267 7ff70e8a43f4 _get_daylight 11 API calls 18265->18267 18274 7ff70e8a4214 18265->18274 18268 7ff70e8a43f4 _get_daylight 11 API calls 18266->18268 18270 7ff70e8a4267 18267->18270 18271 7ff70e8a42b2 18268->18271 18272 7ff70e8a4178 45 API calls 18269->18272 18273 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 18270->18273 18275 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 18271->18275 18276 7ff70e8a42bd 18272->18276 18274->18176 18275->18276 18276->18176 18342 7ff70e8a51d8 18341->18342 18343 7ff70e8a51fe 18342->18343 18346 7ff70e8a5231 18342->18346 18344 7ff70e8a43f4 _get_daylight 11 API calls 18343->18344 18345 7ff70e8a5203 18344->18345 18347 7ff70e8a9bf0 _invalid_parameter_noinfo 37 API calls 18345->18347 18348 7ff70e8a5244 18346->18348 18349 7ff70e8a5237 18346->18349 18352 7ff70e893fc6 18347->18352 18360 7ff70e8a9f38 18348->18360 18350 7ff70e8a43f4 _get_daylight 11 API calls 18349->18350 18350->18352 18352->17156 18373 7ff70e8af5e8 EnterCriticalSection 18360->18373 18733 7ff70e8a6c08 18732->18733 18736 7ff70e8a66e4 18733->18736 18735 7ff70e8a6c21 18735->17166 18737 7ff70e8a66ff 18736->18737 18738 7ff70e8a672e 18736->18738 18739 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 18737->18739 18746 7ff70e8a477c EnterCriticalSection 18738->18746 18741 7ff70e8a671f 18739->18741 18741->18735 18748 7ff70e89f163 18747->18748 18750 7ff70e89f191 18747->18750 18749 7ff70e8a9b24 _invalid_parameter_noinfo 37 API calls 18748->18749 18751 7ff70e89f183 18749->18751 18750->18751 18757 7ff70e8a477c EnterCriticalSection 
18750->18757 18751->17170 18759 7ff70e8986b0 2 API calls 18758->18759 18760 7ff70e8981b4 LoadLibraryExW 18759->18760 18761 7ff70e8981d3 __std_exception_destroy 18760->18761 18761->17200 18763 7ff70e896ef3 GetProcAddress 18762->18763 18764 7ff70e896ec9 18762->18764 18763->18764 18828 7ff70e895b05 18827->18828 18829 7ff70e891bf0 49 API calls 18828->18829 18830 7ff70e895b41 18829->18830 18831 7ff70e895b4a 18830->18831 18832 7ff70e895b6d 18830->18832 18833 7ff70e8925f0 53 API calls 18831->18833 18834 7ff70e893fe0 49 API calls 18832->18834 18851 7ff70e895b63 18833->18851 18835 7ff70e895b85 18834->18835 18836 7ff70e895ba3 18835->18836 18837 7ff70e8925f0 53 API calls 18835->18837 18838 7ff70e893f10 10 API calls 18836->18838 18837->18836 18840 7ff70e895bad 18838->18840 18839 7ff70e89b870 _log10_special 8 API calls 18841 7ff70e89308e 18839->18841 18842 7ff70e895bbb 18840->18842 18843 7ff70e8981a0 3 API calls 18840->18843 18841->17240 18858 7ff70e895c80 18841->18858 18844 7ff70e893fe0 49 API calls 18842->18844 18843->18842 18845 7ff70e895bd4 18844->18845 18846 7ff70e895bf9 18845->18846 18847 7ff70e895bd9 18845->18847 18849 7ff70e8981a0 3 API calls 18846->18849 18848 7ff70e8925f0 53 API calls 18847->18848 18848->18851 18851->18839 18997 7ff70e894c80 18858->18997 18860 7ff70e895cba 18999 7ff70e894cac 18997->18999 18998 7ff70e894cb4 18998->18860 18999->18998 19002 7ff70e894e54 18999->19002 19035 7ff70e8a5db4 18999->19035 19000 7ff70e895017 __std_exception_destroy 19000->18860 19001 7ff70e894180 47 API calls 19001->19002 19002->19000 19002->19001 19036 7ff70e8a5de4 19035->19036 19039 7ff70e8a52b0 19036->19039 19100->17244 19663 7ff70e8ba10e 19664 7ff70e8ba11d 19663->19664 19666 7ff70e8ba127 19663->19666 19667 7ff70e8af648 LeaveCriticalSection 19664->19667 15623 7ff70e89ae00 15624 7ff70e89ae2e 15623->15624 15625 7ff70e89ae15 15623->15625 15625->15624 15628 7ff70e8ac90c 15625->15628 15629 7ff70e8ac957 15628->15629 15633 7ff70e8ac91b _get_daylight 15628->15633 15638 7ff70e8a43f4 
15629->15638 15630 7ff70e8ac93e HeapAlloc 15632 7ff70e89ae8e 15630->15632 15630->15633 15633->15629 15633->15630 15635 7ff70e8b28a0 15633->15635 15641 7ff70e8b28e0 15635->15641 15647 7ff70e8aa5d8 GetLastError 15638->15647 15640 7ff70e8a43fd 15640->15632 15646 7ff70e8af5e8 EnterCriticalSection 15641->15646 15648 7ff70e8aa619 FlsSetValue 15647->15648 15654 7ff70e8aa5fc 15647->15654 15649 7ff70e8aa609 SetLastError 15648->15649 15650 7ff70e8aa62b 15648->15650 15649->15640 15664 7ff70e8adea8 15650->15664 15654->15648 15654->15649 15655 7ff70e8aa658 FlsSetValue 15658 7ff70e8aa676 15655->15658 15659 7ff70e8aa664 FlsSetValue 15655->15659 15656 7ff70e8aa648 FlsSetValue 15657 7ff70e8aa651 15656->15657 15671 7ff70e8a9c58 15657->15671 15677 7ff70e8aa204 15658->15677 15659->15657 15670 7ff70e8adeb9 _get_daylight 15664->15670 15665 7ff70e8adf0a 15667 7ff70e8a43f4 _get_daylight 10 API calls 15665->15667 15666 7ff70e8adeee HeapAlloc 15668 7ff70e8aa63a 15666->15668 15666->15670 15667->15668 15668->15655 15668->15656 15669 7ff70e8b28a0 _get_daylight 2 API calls 15669->15670 15670->15665 15670->15666 15670->15669 15672 7ff70e8a9c8c 15671->15672 15673 7ff70e8a9c5d RtlFreeHeap 15671->15673 15672->15649 15673->15672 15674 7ff70e8a9c78 GetLastError 15673->15674 15675 7ff70e8a9c85 __free_lconv_mon 15674->15675 15676 7ff70e8a43f4 _get_daylight 9 API calls 15675->15676 15676->15672 15682 7ff70e8aa0dc 15677->15682 15694 7ff70e8af5e8 EnterCriticalSection 15682->15694 16078 7ff70e8a8c79 16090 7ff70e8a96e8 16078->16090 16091 7ff70e8aa460 __CxxCallCatchBlock 45 API calls 16090->16091 16092 7ff70e8a96f1 16091->16092 16093 7ff70e8a9814 __CxxCallCatchBlock 45 API calls 16092->16093 16094 7ff70e8a9711 16093->16094 20144 7ff70e8ba079 20147 7ff70e8a4788 LeaveCriticalSection 20144->20147

Control-flow Graph

[Graph starting at 7ff70e891000; legend: Executed / Not Executed]
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: FileModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
• API String ID: 514040917-585287483
• Opcode ID: a5f7492e06fd6c7b6e3403bdd690060db9558d14b64228a0cdef0897f7d6b515
• Instruction ID: 0bf33f98475e92c2319e88f0d7bd6a6740c331d801c4e57cee728f42fc92b02f
• Opcode Fuzzy Hash: a5f7492e06fd6c7b6e3403bdd690060db9558d14b64228a0cdef0897f7d6b515
• Instruction Fuzzy Hash: 8CF16C21F08A82A1FA19FB61DD54AF9E251AF55780FC86032DA5D436D6EF2CF578C320

Control-flow Graph

[Graph starting at 7ff70e8b4f10; legend: Executed / Not Executed]
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B4F55
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48BC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF70E8A9BEF,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8A9C19
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF70E8A9BEF,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8A9C3E
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B4F44
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B491C
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51BA
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51CB
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51DC
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF70E8B541C), ref: 00007FF70E8B5203
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                  • API String ID: 4070488512-239921721

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1617910340-0

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897A1B
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897A9E
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897ABD
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897ACB
                                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897ADC
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF70E897EF9,00007FF70E8939E6), ref: 00007FF70E897AE5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                                  • API String ID: 1057558799-766152087

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51BA
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B491C
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51CB
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48BC
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51DC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48EC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF70E8B541C), ref: 00007FF70E8B5203
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1010374628-0

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _fread_nolock$Message
                                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                  • API String ID: 677216364-3497178890

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-1550345328

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                  • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                  • API String ID: 2895956056-699529898
                                                                                                                                                                                                                  • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                  • Instruction ID: 6668892aa71a2c507a150ea5fb36cd37e7d4616c7e411da84709bba4d383ba2b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC412F32A1878285EB20AB24F8456BAB3A1FFC5360F941335E6AD477D5DF7CE0548B50

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                  • Opcode ID: 037f3093d73a47c1094b0f469115e0436c81e2300c38a90b229c8b60b32e4b09
                                                                                                                                                                                                                  • Instruction ID: 4acfda1e2c84eb3584f8fbc488912c0c9f9d3525ed6b3aba880b655127b6b2c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 037f3093d73a47c1094b0f469115e0436c81e2300c38a90b229c8b60b32e4b09
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8551D422E0D64385EA60BB15AC40BBAA291BF85794FC86135ED4D47BD5EF3CF521C720

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF70E8AE3BA,?,?,-00000018,00007FF70E8AA063,?,?,?,00007FF70E8A9F5A,?,?,?,00007FF70E8A524E), ref: 00007FF70E8AE19C
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF70E8AE3BA,?,?,-00000018,00007FF70E8AA063,?,?,?,00007FF70E8A9F5A,?,?,?,00007FF70E8A524E), ref: 00007FF70E8AE1A8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                  • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                  • Instruction ID: 6d3cf80a4a9e68b7f6ab2106a28ae1e5b7f916d2b384f0c652892381a6391a86
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4941E371B19A1281FA26EB16AC00E75A392BF45BA0F8C6935DD1D477C4EF3CE4A5C321

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF70E893834), ref: 00007FF70E897CE4
                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF70E893834), ref: 00007FF70E897D2C
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897E10: GetEnvironmentVariableW.KERNEL32(00007FF70E89365F), ref: 00007FF70E897E47
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF70E897E69
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A7548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8A7561
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8926C0: MessageBoxW.USER32 ref: 00007FF70E892736
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                  • API String ID: 740614611-1339014028
                                                                                                                                                                                                                  • Opcode ID: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                                                                                                                                                                  • Instruction ID: 3c255ec9e30046ef6ff604e4c20ded7c1b28655ff4da2e2e8e407ebf33aca51e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2641CE11F1964290FA25FB61AC51AF9A251AF86B80FC83032EE1D477D6EF3DF5218360

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                  • Instruction ID: 5803d575c28325178c3405c114aefc1412af9a0dfaa13f0cae97e1f606529f5a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C1C32290CA8791FB65AB149840ABDB790FF90B80F9D6131DA5D077D1DFBDE865C320

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                                  • Opcode ID: fa100e685baa98e829519164d8c7bae0263b828ebdd9095db38f9558f9492d32
                                                                                                                                                                                                                  • Instruction ID: 9bb2c966c04a2a1c5fae4505b809aa3763fc8b0850f98751f7816d9f0d4cbcf4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa100e685baa98e829519164d8c7bae0263b828ebdd9095db38f9558f9492d32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC21A631F0CA4242EB20AB55EC40A3AE3A1FF817A4F941235EAAD43BE4DF7DE4558710

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF70E893534), ref: 00007FF70E893411
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: GetLastError.KERNEL32(?,?,?,00007FF70E89342E,?,00007FF70E893534), ref: 00007FF70E892A14
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: FormatMessageW.KERNEL32(?,?,?,00007FF70E89342E), ref: 00007FF70E892A7D
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: MessageBoxW.USER32 ref: 00007FF70E892ACF
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                  • API String ID: 517058245-2863816727
                                                                                                                                                                                                                  • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                  • Instruction ID: ba926ee1cd1e4c281a793f1bb3561331e1d843fde81d88bbf076c04b808dbf90
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D621B321F1C64391FA21BB24ED41BBAD250BF58384FC42132E69D865E5EF2CF524C720

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: GetCurrentProcess.KERNEL32 ref: 00007FF70E897B70
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: OpenProcessToken.ADVAPI32 ref: 00007FF70E897B83
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: GetTokenInformation.KERNELBASE ref: 00007FF70E897BA8
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: GetLastError.KERNEL32 ref: 00007FF70E897BB2
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: GetTokenInformation.KERNELBASE ref: 00007FF70E897BF2
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF70E897C0E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E897B50: CloseHandle.KERNEL32 ref: 00007FF70E897C26
                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF70E893814), ref: 00007FF70E89848C
                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF70E893814), ref: 00007FF70E898495
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                                  • Opcode ID: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                                                                                                                                                  • Instruction ID: 031dd2ca9c70c7339fd8bc4335fd2c370f68f4b6cff6b2124024ce137ee90880
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B217121E1864292F614BB10ED15BEAA3A4FF89780FC86436EA4D537D6DF3CE464C760
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(00000000,?,00007FF70E89324C,?,?,00007FF70E893964), ref: 00007FF70E897642
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                  • Opcode ID: 2c89eec29aeb9772413d30908ff664029992db9044f6d674e1a207c7a7cb4ecf
                                                                                                                                                                                                                  • Instruction ID: a7e9f71caa5da132cb94824b4686674957feb33a09057c4e71d397ee3f759fec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c89eec29aeb9772413d30908ff664029992db9044f6d674e1a207c7a7cb4ecf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C31BA21F2DAC555EA61AB15EC10BAAA254FF44BE0FC85231EA6D437C5DF3CE2158710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8AC25B), ref: 00007FF70E8AC38C
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8AC25B), ref: 00007FF70E8AC417
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                  • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                  • Instruction ID: e1514914cc22af9eea9ff0a95876d95a6185b8a6dce6b6e7f50a38aa15658018
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E91C532E0865185F750EF699C40ABDEBA0BF44B88F986139DE4E66AD4DF3CD461C720
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                                  • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                  • Instruction ID: 1353ba023335a3cd9eaaa200ace15372e5be0f5e5f3c6df9589f1c7ca2d40a18
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77513672F046118AFB28EF64DD45ABCB7A1AF00358FD82535DD1E52AE5DF38A4A2C710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                                  • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                  • Instruction ID: a987cd3e4772801a1647f3337121264b06ec92629c136ca87b63005197f61116
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45519F22E046418AFB54EFB1D8407BDA3A1EF48B58F58A034DE1D87689DFBCD462C720
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                                  • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                  • Instruction ID: 62b52501a549936bc608cbb7882b28187d690a7c88ceb81fb6dff2326a87fc0b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4419422D1878283FB54AF609950779B260FF94764F54A334E6AC03AD5EFBCA5F08720
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                                  • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                  • Instruction ID: 97c91b1c7d389cc0c1052a707396b68998d134f3b6e46285cbd7cfe9dcff8613
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E313A11E0C64385FA54BB659D16BB9E391AF81384FCC3034E94E4B6D3DF2EB8248235
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8A4B49), ref: 00007FF70E8A4C67
                                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8A4B49), ref: 00007FF70E8A4C7D
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF70E8A9CE5,?,?,00000000,00007FF70E8A9D9A), ref: 00007FF70E8A9ED6
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF70E8A9CE5,?,?,00000000,00007FF70E8A9D9A), ref: 00007FF70E8A9EE0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 164a9401b0bfd199dc8034d016670759b34e81a86d5a64e83628a5f98765227c
                                                                                                                                                                                                                  • Instruction ID: 221db3768fb01b625ee4ca7f048c36407dcf21252d9f96b879fe4ae67c5132f8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 164a9401b0bfd199dc8034d016670759b34e81a86d5a64e83628a5f98765227c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F41E43290824187FA24EF55A941A7DB3A1EF95B80F982132D69E836D1DF3CE452C770
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                                  • Opcode ID: 975c3a5ec649139404ac52ecddea46541f176f5586f0ae2f8c4f26f5f44efa62
                                                                                                                                                                                                                  • Instruction ID: 40d9e7e1195310ccdf225ace74232edf52d39ec5b72dcc604df25863601e0361
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 975c3a5ec649139404ac52ecddea46541f176f5586f0ae2f8c4f26f5f44efa62
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17219E21F1825255FA14AA16AD04BBAE641BF85BC4FCC6431EE0C077C6DF7EF061C620
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                                                                                                                                                  • Instruction ID: a9eb1a2565d84cc8a7282b7d357873822fb23fa7c6db09a81d10ec5a43487c5e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F31D221A1C65282FB15BB148C40BBCA650AF50B60FD92175DA2D077E2CFBEE461C330
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                                  • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                  • Instruction ID: f0c9fdfc6e6c0b1f485f38dbb004dbd81e889859e9df7a5b24229c632f827569
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0219C32E157058AFB69AF64C8486EC73A0FF44318F88163AD62C07AC5EF38D465CB60
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                  • Instruction ID: 1decc270d670a08afe7ac3053605aafc6f9083b629478b24e95ccb6ea4c85ffe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA119621A1C68185FE60BF91AC0097EE265FF95B80FDC5031EA4C57AD6CF7DD4A18760
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                  • Instruction ID: 41e783be9416045cf66323b83af1dead071ec0b0f5c3083bfec63894d4e3fa82
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99210B32608A8187EB61AF18D840B79B7A1FF85B94F945234DB9D476D5DF3DD410CB10
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                  • Instruction ID: 3e07d94619e718de43413150127926a4722f7c9881af070f033d9b1ccaaae176
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F201A521B0878250EA04BB566D00879E695AF95FE0F8C9631DF6C57BD6DF7CE4228310
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                  • Instruction ID: 0ac5330b9c4caefa654f8af78c7a170fabd0e098db6d5992e8b1ddd65bbe4748
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE01D220E0D68245FEA0BB626D01979E291AF45794FCC7136F96E426D2DFBEE4709230
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                  • Instruction ID: b2fbc5d8d88fcb24d6d9ab7824d8ddd8f0441091ac5cc4a79a4e4af007826f0d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37E0EC91F0824782FA187AE84D82E7991509FA4340FDC6431DA580A2D3DF5E7865A631
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF70E8AA63A,?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A), ref: 00007FF70E8ADEFD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                  • Instruction ID: 2471c164600b41ebcba8bafc37c1db3df018ab91aa763900faeb782add22bc7a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50F06D04B0964780FE5477A29C11BB6E2905F98B88FCC7031D90EC6AD1EF6CE5B58230
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF70E89FFB0,?,?,?,00007FF70E8A161A,?,?,?,?,?,00007FF70E8A2E09), ref: 00007FF70E8AC94A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                  • Instruction ID: feec5d43f42a34a763b86a977a6c4cac1065f4721425d318494f7fd85fd94f0d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCF05800B1C24B84FE2477B25D11E79E2805F88BA0FCC7230DC6E862D1DF6CA4648230
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E8950C0
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E895101
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E895126
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E89514B
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E895173
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E89519B
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E8951C3
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E8951EB
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF70E895C57,?,00007FF70E89308E), ref: 00007FF70E895213
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                  • API String ID: 190572456-2007157414
                                                                                                                                                                                                                  • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                  • Instruction ID: 419e68a199c3c412ee5081753736b84e4c0b826a7e210f2ae07add4dc92c498b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4127264D0EB4391FA66BB48AC509B4E3A4AF19750BD83435C88E127E4EF7CB5788371
                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                                  • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                  • Instruction ID: e1017dd92c61e63ec9ed5cddd264a45d17b2a9d9c16cf65de2107886db1b6bce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D313272608B818AEB609F64E8407FEB364FB84744F84503ADB8D47B95DF38D558C724
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                  • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                  • Instruction ID: a8f344aca0aa3c4441268a1a0243b3642203d6e30e55e820898e0f73a6fb154f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5318F32608B818AEB20DF25EC406AEB3A4FF88754F941136EA9D47B95DF3CD165CB10
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                                  • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                  • Instruction ID: fca2dd594d3a1e3af26809c3a1f14ccf6306ad94fd245ca5b4c69919418cc02a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6B1B722B18A96C1EA61AB21AC109BBE391EF54BE4FC46131EE9D47BD5DF3CE451C310
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                  • API String ID: 190572456-3427451314
                                                                                                                                                                                                                  • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                  • Instruction ID: a4f9e990b83954d4b2ba348559bc051797dd343d99990017594d93d4f522f395
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBE18364D1DF43A0FA69BB14AC509B8E3A5AF04750FD83436C89E026E4EF3CB569D321
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF70E893FA4,00000000,00007FF70E891925), ref: 00007FF70E8986E9
                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF70E897C97,?,?,FFFFFFFF,00007FF70E893834), ref: 00007FF70E89782C
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8926C0: MessageBoxW.USER32 ref: 00007FF70E892736
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                  • API String ID: 1662231829-930877121
                                                                                                                                                                                                                  • Opcode ID: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                                                                                                                                                                  • Instruction ID: ce5772724d3961cb91ebd25346f5991303c5182ee1a1eabc1b7fd4cb045ee2b4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46418011F2D64291FA60BB25EC51EBAE251EF84780FC87432D64E526D5EF2DF1248760
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                  • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                  • Instruction ID: 8dbaf5b83cb512fd5ff6164e6ca84dac1118c9a124b180097ad32f56ab43a45a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7351F826614BA186D634AF22B8185BAF7A1FB98B61F404131EBDE43794DF3CD095CB20
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                  • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                  • Instruction ID: 11596ceb25bad1689937fd43612c7c586f76e6e288c0f74c2e173194d2dd6d7e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C128062E0C24386FB20BB15E854A79E661FF40750FDC6136E69A476C4DB3CE9E4CB24
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                  • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                  • Instruction ID: 4da20f8c860361d7d23edc3d9fd375dd4d75f8e37165eecd8ddf46014db05045
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0512A322E0C24386FB60BA14E854BBAF251FF80754FDC6035E699476C4DF7DE8A09B64
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                  • Opcode ID: 5f0c9df4f84f8c722989105d0e9a125133dd12cd76a780961bdfc3608daa6951
                                                                                                                                                                                                                  • Instruction ID: 0b3de7094c351365b943d7583ee89936d1a8d13dbf9293c2fa7a4cd447b9ae9b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f0c9df4f84f8c722989105d0e9a125133dd12cd76a780961bdfc3608daa6951
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76416C21F0964396EA14BB12AC44AB6E391BF44BC4FC86031ED5D47BD5EF2CF8258310
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                  • Opcode ID: 528659478858decb5e64cd19a141a6b50ba849eb96a436151a74e04084abcbf7
                                                                                                                                                                                                                  • Instruction ID: 7c98c159a163cb3f2f29b1a0b84efcc92712e255002a6445e2914969be105f57
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 528659478858decb5e64cd19a141a6b50ba849eb96a436151a74e04084abcbf7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26418E21F0D64396EA20BB55AC409BAE3A0EF047D4FD96031DA5E17AD5EF3CF4618710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF70E89D29A,?,?,?,00007FF70E89CF8C,?,?,?,00007FF70E89CB89), ref: 00007FF70E89D06D
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF70E89D29A,?,?,?,00007FF70E89CF8C,?,?,?,00007FF70E89CB89), ref: 00007FF70E89D07B
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF70E89D29A,?,?,?,00007FF70E89CF8C,?,?,?,00007FF70E89CB89), ref: 00007FF70E89D0A5
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF70E89D29A,?,?,?,00007FF70E89CF8C,?,?,?,00007FF70E89CB89), ref: 00007FF70E89D113
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF70E89D29A,?,?,?,00007FF70E89CF8C,?,?,?,00007FF70E89CB89), ref: 00007FF70E89D11F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                  • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E89821D
                                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E89827A
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF70E893FA4,00000000,00007FF70E891925), ref: 00007FF70E8986E9
                                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E898305
                                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E898364
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E898375
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF70E8939F2), ref: 00007FF70E89838A
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA5E7
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA61D
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA64A
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA65B
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA66C
                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF70E8A43FD,?,?,?,?,00007FF70E8A979A,?,?,?,?,00007FF70E8A649F), ref: 00007FF70E8AA687
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                  • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                  • API String ID: 1878133881-640379615
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF70E8A98B3,?,?,00000000,00007FF70E8A9B4E,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8AA6BF
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A98B3,?,?,00000000,00007FF70E8A9B4E,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8AA6DE
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A98B3,?,?,00000000,00007FF70E8A9B4E,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8AA706
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A98B3,?,?,00000000,00007FF70E8A9B4E,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8AA717
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF70E8A98B3,?,?,00000000,00007FF70E8A9B4E,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8AA728
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                  • Opcode ID: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                  • Instruction ID: 1af9c06745a8dd97d745b20aed9a1f7e134518446d779f7693cea45b7d99f6c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4311A220A0C64202FA59B3259D81A7AE1515F997A0F8C6734D87D06AE6EF2CE9718721
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                  • Opcode ID: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                  • Instruction ID: a36d83a910cd09974e06dbaa31195bd19a032d77924d7c63540c466d91f218f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E111820A0C64742F95DB2A55C51A79A2824F49374FDC7B74D93E0AAE2EF2CB4B18235
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                                  • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                  • Instruction ID: 90ab50a2b91fc4c5602a7c43bcbfdeb0b3d8527bad857e1d599d097ff69f1610
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A91D072A09A4681F721AF25D850B7DB391AF40B94FCC613ADA5D473D5EF3CE8A58320
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                  • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                  • Instruction ID: 31395249cc4c95adc10ce0668d284efde9b9c3d0c56c4177a638e0ac8dc757ba
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1681DF72F0860385FB657F25C940A78B6A0EF11B48FDDA035CB49972C9DF2DE8619321
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                  • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                  • Instruction ID: fe5a8470f6cdb85e0e94ee06ec312f76854d46a20cfa4fdc68c27efe53be4bd9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A518D32F196428ADB14EB15E844E79F791EF44B88F989130DA4E477C8DF7AF8618710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
• Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
• Instruction ID: 7a26b426bad3a3f2a19d094ce9586db3564582d8c676ea7e8d4e763cccf88af2
• Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
• Instruction Fuzzy Hash: 0F517F32E0824296EB64EA219844A78BAE0EF54B94F9C6135DA9D47BD5CF3CF470C711
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
• Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
• Instruction ID: 0fd1e79192b1e3e604c0764afad85e3e2c0dcc32f50b99da6db94d2e40d773f2
• Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
• Instruction Fuzzy Hash: 42617132D08B8585D721EB15E840BAAFBA0FB85794F485225EB9C03BD5DF7CE1A0CB10
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: Message$ByteCharMultiWide
• String ID: Error/warning (ANSI fallback)$Warning
• API String ID: 1878133881-2698358428
• Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
• Instruction ID: 5d199521777420a97a901dae90dea88b23def3ca37bbd4407fb149bdd6307e71
• Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
• Instruction Fuzzy Hash: 7011B272A28B8591FB20AB00F851FA9B364FF48B84FD42135DA8D57694DF3CE624C750
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: Message$ByteCharMultiWide
• String ID: Error$Error/warning (ANSI fallback)
• API String ID: 1878133881-653037927
• Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
• Instruction ID: 4921eb11eb0ef31b82b098e4af0b9913b7f2c9c09e3543f0870e9b183083640f
• Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
• Instruction Fuzzy Hash: 7911B272A28B8691FB20AB00F851FA9B364FF48B84FD42135DA8C17694DF3CE625C710
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
• API String ID: 2718003287-0
• Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
• Instruction ID: ed790d3d246c33f014e60cf06c119e389a21ca6b01e9470cb62bb5e5e4113c6f
• Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
• Instruction Fuzzy Hash: CBD1DF32B08A8189E711DF75D840AACB7A1FB44798B985235CE5E97BD9DF38D426C310
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
Similarity
• API ID: LongWindow$DialogInvalidateRect
• String ID:
• API String ID: 1956198572-0
• Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
• Instruction ID: 849d372c0dd01f08668ab81cefb68a744fd4f7ba536c99f1ea15360d185cd0a2
• Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
• Instruction Fuzzy Hash: FB11C021E1C15241F654A759FD446799291FF89780FCCA131DE4907BEDCF3DE4E58520
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                  • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                  • Instruction ID: ec51732b601e71226d5dc04fd09cb851e1049879b8d52a5f332e036ffa9b6aa0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B113022B14F068AEB00DF60EC546B973A4FB59758F842E31DE6D46BA4DF7CE1A48350
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                  • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                  • Instruction ID: 6d5e271d2ddde9dbeae0c8f33c6a86cec5a5a998a2325e9bad5b6e30b017e5fa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1441FB12A0868256FB24AB159C02B79E750EF80BA4F945235EEAC47BD7EF3CD4618710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8A835E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF70E89BEC5), ref: 00007FF70E8A837C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe, xrefs: 00007FF70E8A836A
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
                                                                                                                                                                                                                  • API String ID: 3580290477-4102295864
                                                                                                                                                                                                                  • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                  • Instruction ID: 8cc8178ced62e80f7bea64236a0b213b1adaf0539d4ab38719a466b50027b1a8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5041A232A08B5685F718EF25AC448BCB794EF44790F996035EA5D07BD5DF3CD4618320
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: .$:
                                                                                                                                                                                                                  • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                  • Opcode ID: a7e7ecf8ca197d948e5de4d949c192756b769c590a90378fa45037ccdac380fb
                                                                                                                                                                                                                  • Instruction ID: 6d1019035152ee7b12c0394f00a44ce202744e39f97722a543313740f0d00710
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7e7ecf8ca197d948e5de4d949c192756b769c590a90378fa45037ccdac380fb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B416022F08B5298FB10ABB19C509FC7675AF14748F9C1035DF4D67AC9EF78A4628320
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                                  • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                  • Instruction ID: 69b2945b0fa0976868bdd719c15ca0a733dfa51e4fbfa77edad85357145f9645
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8141A422B18A8585EB20AF25E844BA9B7A0FF98794F885031EE4D87798DF7CD451CB50
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                                  • Opcode ID: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                  • Instruction ID: 133222d1fa4f0e74562ce04fa806bf582995439681718933217f38b6a8bfbb47
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E21D022A0878182FB70AB15D844A7DA3A1FF84B84FCDA435DA8C436C4DF7CE995C760
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                  • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                  • Instruction ID: 042a988b4da3a7a7a158e53092c892bd8d49955fc9f1c82a7bb696d608bb11af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7112E36A18B8582EB259B15F840669B7E4FF88B84F585231DBCD47BA4DF3CD5618700
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2067181161.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000C.00000002.2067155568.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067215603.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067245977.00007FF70E8D4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000C.00000002.2067353547.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                                  • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                  • Instruction ID: 07df35ec9c98ccc83eb06d0590f0c3de6c57089b42fdb7f67e4b4a15a2bc5c67
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08018421A1C24285FB20BF60AC61ABEA390EF48748FCC2035D64D466D1DF7CE524CA24

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:1.6%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                  Total number of Nodes:860
                                                                                                                                                                                                                  Total number of Limit Nodes:37
84844->84852 84847 7ff70e891bf0 49 API calls 84845->84847 84849 7ff70e89f36c 74 API calls 84846->84849 84850 7ff70e8937be 84847->84850 85048 7ff70e893e90 49 API calls 84848->85048 84849->84839 84859 7ff70e8918f0 115 API calls 84850->84859 85007 7ff70e897e10 84851->85007 84854 7ff70e8936ae 84852->84854 85033 7ff70e897f80 40 API calls __std_exception_copy 84854->85033 84855 7ff70e893852 84857 7ff70e893871 84855->84857 84858 7ff70e893865 84855->84858 84862 7ff70e891bf0 49 API calls 84857->84862 85049 7ff70e893fe0 84858->85049 84863 7ff70e8937df 84859->84863 84860 7ff70e8936bd 84864 7ff70e89380f 84860->84864 84866 7ff70e8936cf 84860->84866 84878 7ff70e893805 __std_exception_copy 84862->84878 84863->84851 84865 7ff70e8937ef 84863->84865 85046 7ff70e898400 58 API calls _log10_special 84864->85046 85045 7ff70e8925f0 53 API calls _log10_special 84865->85045 84871 7ff70e891bf0 49 API calls 84866->84871 84868 7ff70e8986b0 2 API calls 84869 7ff70e89389e SetDllDirectoryW 84868->84869 84877 7ff70e8938c3 84869->84877 84874 7ff70e8936f1 84871->84874 84872 7ff70e893814 85047 7ff70e897c40 84 API calls 2 library calls 84872->85047 84874->84878 84879 7ff70e8936fc 84874->84879 84881 7ff70e893a50 84877->84881 85052 7ff70e896560 53 API calls 84877->85052 84878->84868 85034 7ff70e8925f0 53 API calls _log10_special 84879->85034 84880 7ff70e893834 84880->84848 84880->84878 84884 7ff70e893a5a PostMessageW GetMessageW 84881->84884 84885 7ff70e893a7d 84881->84885 84884->84885 85020 7ff70e893080 84885->85020 84886 7ff70e8938d5 85053 7ff70e896b00 118 API calls 2 library calls 84886->85053 84888 7ff70e8938ea 84890 7ff70e893947 84888->84890 84892 7ff70e893901 84888->84892 85054 7ff70e8965a0 121 API calls _log10_special 84888->85054 84890->84881 84898 7ff70e89395c 84890->84898 84905 7ff70e893905 84892->84905 85055 7ff70e896970 91 API calls 84892->85055 84896 7ff70e893916 84896->84905 85056 7ff70e896cd0 54 API calls 84896->85056 85059 7ff70e8930e0 122 API calls 2 library calls 84898->85059 84901 
7ff70e893964 84901->84829 84904 7ff70e89396c 84901->84904 84903 7ff70e893aa3 85060 7ff70e8983e0 LocalFree 84904->85060 84905->84890 85057 7ff70e892870 53 API calls _log10_special 84905->85057 84908 7ff70e89393f 85058 7ff70e896780 FreeLibrary 84908->85058 84930->84803 84931->84811 84932->84813 84933->84799 84934->84802 84935->84817 84937 7ff70e8b97d0 84936->84937 84937->84822 84937->84937 84941 7ff70e8ae790 84938->84941 84939 7ff70e8ae7e3 85062 7ff70e8a9b24 37 API calls 2 library calls 84939->85062 84941->84939 84942 7ff70e8ae836 84941->84942 85063 7ff70e8ae668 71 API calls _fread_nolock 84942->85063 84944 7ff70e8ae80c 84944->84826 85064 7ff70e89bb70 84945->85064 84947 7ff70e8933ec GetModuleFileNameW 84948 7ff70e893438 84947->84948 84949 7ff70e89341b 84947->84949 85066 7ff70e8985a0 FindFirstFileExW 84948->85066 85071 7ff70e8929e0 51 API calls _log10_special 84949->85071 84952 7ff70e89342e 84957 7ff70e89b870 _log10_special 8 API calls 84952->84957 84954 7ff70e8934a5 85074 7ff70e898760 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 84954->85074 84955 7ff70e89344b 85072 7ff70e898620 CreateFileW GetFinalPathNameByHandleW CloseHandle 84955->85072 84960 7ff70e8934dd 84957->84960 84959 7ff70e8934b3 84959->84952 85075 7ff70e8926c0 49 API calls _log10_special 84959->85075 84960->84829 84967 7ff70e8918f0 84960->84967 84961 7ff70e893458 84962 7ff70e893474 __vcrt_FlsAlloc 84961->84962 84963 7ff70e89345c 84961->84963 84962->84954 85073 7ff70e8926c0 49 API calls _log10_special 84963->85073 84966 7ff70e89346d 84966->84952 84968 7ff70e893f70 108 API calls 84967->84968 84969 7ff70e891925 84968->84969 84970 7ff70e891bb6 84969->84970 84972 7ff70e8976a0 83 API calls 84969->84972 84971 7ff70e89b870 _log10_special 8 API calls 84970->84971 84973 7ff70e891bd1 84971->84973 84974 7ff70e89196b 84972->84974 84973->84834 84973->84835 84976 7ff70e89f9f4 73 API calls 84974->84976 84982 7ff70e89199c 84974->84982 84975 7ff70e89f36c 74 API calls 84975->84970 84977 7ff70e891985 
84976->84977 84978 7ff70e8919a1 84977->84978 84979 7ff70e891989 84977->84979 84980 7ff70e89f6bc _fread_nolock 53 API calls 84978->84980 85076 7ff70e892760 53 API calls 2 library calls 84979->85076 84983 7ff70e8919b9 84980->84983 84982->84975 84984 7ff70e8919bf 84983->84984 84985 7ff70e8919d7 84983->84985 85077 7ff70e892760 53 API calls 2 library calls 84984->85077 84987 7ff70e891a06 84985->84987 84988 7ff70e8919ee 84985->84988 84990 7ff70e891bf0 49 API calls 84987->84990 85078 7ff70e892760 53 API calls 2 library calls 84988->85078 84991 7ff70e891a1d 84990->84991 84992 7ff70e891bf0 49 API calls 84991->84992 84993 7ff70e891a68 84992->84993 84994 7ff70e89f9f4 73 API calls 84993->84994 84995 7ff70e891a8c 84994->84995 84996 7ff70e891aa1 84995->84996 84997 7ff70e891ab9 84995->84997 85079 7ff70e892760 53 API calls 2 library calls 84996->85079 84999 7ff70e89f6bc _fread_nolock 53 API calls 84997->84999 85000 7ff70e891ace 84999->85000 85001 7ff70e891ad4 85000->85001 85002 7ff70e891aec 85000->85002 85080 7ff70e892760 53 API calls 2 library calls 85001->85080 85081 7ff70e89f430 37 API calls 2 library calls 85002->85081 85005 7ff70e891b06 85005->84982 85082 7ff70e8925f0 53 API calls _log10_special 85005->85082 85008 7ff70e897e1a 85007->85008 85009 7ff70e8986b0 2 API calls 85008->85009 85010 7ff70e897e39 GetEnvironmentVariableW 85009->85010 85011 7ff70e897ea2 85010->85011 85012 7ff70e897e56 ExpandEnvironmentStringsW 85010->85012 85014 7ff70e89b870 _log10_special 8 API calls 85011->85014 85012->85011 85013 7ff70e897e78 85012->85013 85083 7ff70e898760 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 85013->85083 85016 7ff70e897eb4 85014->85016 85016->84844 85017 7ff70e897e8a 85018 7ff70e89b870 _log10_special 8 API calls 85017->85018 85019 7ff70e897e9a 85018->85019 85019->84844 85084 7ff70e895af0 85020->85084 85024 7ff70e8930a1 85028 7ff70e8930b9 85024->85028 85154 7ff70e895800 85024->85154 85026 7ff70e8930ad 85026->85028 85163 7ff70e895990 53 API calls 85026->85163 
85029 7ff70e8933a0 85028->85029 85030 7ff70e8933ae 85029->85030 85031 7ff70e8933bf 85030->85031 85226 7ff70e898180 FreeLibrary 85030->85226 85061 7ff70e896780 FreeLibrary 85031->85061 85033->84860 85034->84829 85036 7ff70e8976c4 85035->85036 85037 7ff70e89779b __std_exception_copy 85036->85037 85038 7ff70e89f9f4 73 API calls 85036->85038 85037->84843 85039 7ff70e8976e0 85038->85039 85039->85037 85227 7ff70e8a6bd8 85039->85227 85041 7ff70e8976f5 85041->85037 85042 7ff70e89f9f4 73 API calls 85041->85042 85043 7ff70e89f6bc _fread_nolock 53 API calls 85041->85043 85042->85041 85043->85041 85044->84829 85045->84829 85046->84872 85047->84880 85048->84855 85050 7ff70e891bf0 49 API calls 85049->85050 85051 7ff70e894010 85050->85051 85051->84878 85052->84886 85053->84888 85054->84892 85055->84896 85056->84905 85057->84908 85058->84890 85059->84901 85061->84903 85062->84944 85063->84944 85065 7ff70e89bb9a 85064->85065 85065->84947 85065->85065 85067 7ff70e8985df FindClose 85066->85067 85068 7ff70e8985f2 85066->85068 85067->85068 85069 7ff70e89b870 _log10_special 8 API calls 85068->85069 85070 7ff70e893442 85069->85070 85070->84954 85070->84955 85071->84952 85072->84961 85073->84966 85074->84959 85075->84952 85076->84982 85077->84982 85078->84982 85079->84982 85080->84982 85081->85005 85082->84982 85083->85017 85085 7ff70e895b05 85084->85085 85086 7ff70e891bf0 49 API calls 85085->85086 85087 7ff70e895b41 85086->85087 85088 7ff70e895b4a 85087->85088 85089 7ff70e895b6d 85087->85089 85174 7ff70e8925f0 53 API calls _log10_special 85088->85174 85091 7ff70e893fe0 49 API calls 85089->85091 85092 7ff70e895b85 85091->85092 85093 7ff70e895ba3 85092->85093 85175 7ff70e8925f0 53 API calls _log10_special 85092->85175 85164 7ff70e893f10 85093->85164 85095 7ff70e89b870 _log10_special 8 API calls 85098 7ff70e89308e 85095->85098 85098->85028 85115 7ff70e895c80 85098->85115 85099 7ff70e895bbb 85101 7ff70e893fe0 49 API calls 85099->85101 85102 7ff70e895bd4 85101->85102 85103 7ff70e895bf9 
85102->85103 85104 7ff70e895bd9 85102->85104 85106 7ff70e8981a0 3 API calls 85103->85106 85176 7ff70e8925f0 53 API calls _log10_special 85104->85176 85108 7ff70e895c06 85106->85108 85107 7ff70e895b63 85107->85095 85109 7ff70e895c12 85108->85109 85110 7ff70e895c49 85108->85110 85112 7ff70e8986b0 2 API calls 85109->85112 85178 7ff70e8950b0 95 API calls 85110->85178 85113 7ff70e895c2a 85112->85113 85177 7ff70e8929e0 51 API calls _log10_special 85113->85177 85179 7ff70e894c80 85115->85179 85117 7ff70e895cba 85118 7ff70e895cc2 85117->85118 85119 7ff70e895cd3 85117->85119 85211 7ff70e8925f0 53 API calls _log10_special 85118->85211 85186 7ff70e894450 85119->85186 85123 7ff70e895cdf 85212 7ff70e8925f0 53 API calls _log10_special 85123->85212 85124 7ff70e895cf0 85127 7ff70e895cff 85124->85127 85128 7ff70e895d10 85124->85128 85126 7ff70e895cce 85126->85024 85213 7ff70e8925f0 53 API calls _log10_special 85127->85213 85190 7ff70e894700 85128->85190 85131 7ff70e895d2b 85132 7ff70e895d2f 85131->85132 85133 7ff70e895d40 85131->85133 85214 7ff70e8925f0 53 API calls _log10_special 85132->85214 85135 7ff70e895d4f 85133->85135 85136 7ff70e895d60 85133->85136 85215 7ff70e8925f0 53 API calls _log10_special 85135->85215 85197 7ff70e8945a0 85136->85197 85140 7ff70e895d6f 85216 7ff70e8925f0 53 API calls _log10_special 85140->85216 85141 7ff70e895d80 85143 7ff70e895d8f 85141->85143 85144 7ff70e895da0 85141->85144 85217 7ff70e8925f0 53 API calls _log10_special 85143->85217 85146 7ff70e895db1 85144->85146 85148 7ff70e895dc2 85144->85148 85218 7ff70e8925f0 53 API calls _log10_special 85146->85218 85151 7ff70e895dec 85148->85151 85219 7ff70e8a65c0 73 API calls 85148->85219 85150 7ff70e895dda 85220 7ff70e8a65c0 73 API calls 85150->85220 85151->85126 85221 7ff70e8925f0 53 API calls _log10_special 85151->85221 85155 7ff70e895820 85154->85155 85155->85155 85156 7ff70e895849 85155->85156 85160 7ff70e895860 __std_exception_copy 85155->85160 85225 7ff70e8925f0 53 API calls _log10_special 85156->85225 
85158 7ff70e895855 85158->85026 85159 7ff70e891440 116 API calls 85159->85160 85160->85159 85161 7ff70e8925f0 53 API calls 85160->85161 85162 7ff70e89596b 85160->85162 85161->85160 85162->85026 85163->85028 85165 7ff70e893f1a 85164->85165 85166 7ff70e8986b0 2 API calls 85165->85166 85167 7ff70e893f3f 85166->85167 85168 7ff70e89b870 _log10_special 8 API calls 85167->85168 85169 7ff70e893f67 85168->85169 85169->85099 85170 7ff70e8981a0 85169->85170 85171 7ff70e8986b0 2 API calls 85170->85171 85172 7ff70e8981b4 LoadLibraryExW 85171->85172 85173 7ff70e8981d3 __std_exception_copy 85172->85173 85173->85099 85174->85107 85175->85093 85176->85107 85177->85107 85178->85107 85181 7ff70e894cac 85179->85181 85180 7ff70e894cb4 85180->85117 85181->85180 85183 7ff70e894e54 85181->85183 85222 7ff70e8a5db4 48 API calls 85181->85222 85182 7ff70e895017 __std_exception_copy 85182->85117 85183->85182 85184 7ff70e894180 47 API calls 85183->85184 85184->85183 85187 7ff70e894480 85186->85187 85188 7ff70e89b870 _log10_special 8 API calls 85187->85188 85189 7ff70e8944ea 85188->85189 85189->85123 85189->85124 85191 7ff70e89476f 85190->85191 85194 7ff70e89471b 85190->85194 85224 7ff70e894300 MultiByteToWideChar MultiByteToWideChar __std_exception_copy 85191->85224 85193 7ff70e89477c 85193->85131 85196 7ff70e89475a 85194->85196 85223 7ff70e894300 MultiByteToWideChar MultiByteToWideChar __std_exception_copy 85194->85223 85196->85131 85198 7ff70e8945b5 85197->85198 85199 7ff70e891bf0 49 API calls 85198->85199 85200 7ff70e894601 85199->85200 85201 7ff70e891bf0 49 API calls 85200->85201 85210 7ff70e894687 __std_exception_copy 85200->85210 85203 7ff70e894640 85201->85203 85202 7ff70e89b870 _log10_special 8 API calls 85204 7ff70e8946dc 85202->85204 85205 7ff70e8986b0 2 API calls 85203->85205 85203->85210 85204->85140 85204->85141 85206 7ff70e89465a 85205->85206 85207 7ff70e8986b0 2 API calls 85206->85207 85208 7ff70e894671 85207->85208 85209 7ff70e8986b0 2 API calls 85208->85209 85209->85210 
85210->85202 85211->85126 85212->85126 85213->85126 85214->85126 85215->85126 85216->85126 85217->85126 85218->85126 85219->85150 85220->85151 85221->85126 85222->85181 85223->85196 85224->85193 85225->85158 85226->85031 85228 7ff70e8a6c08 85227->85228 85231 7ff70e8a66e4 85228->85231 85230 7ff70e8a6c21 85230->85041 85232 7ff70e8a66ff 85231->85232 85233 7ff70e8a672e 85231->85233 85242 7ff70e8a9b24 37 API calls 2 library calls 85232->85242 85241 7ff70e8a477c EnterCriticalSection 85233->85241 85236 7ff70e8a6733 85238 7ff70e8a6750 38 API calls 85236->85238 85237 7ff70e8a671f 85237->85230 85239 7ff70e8a673f 85238->85239 85240 7ff70e8a4788 _fread_nolock LeaveCriticalSection 85239->85240 85240->85237 85242->85237 85243 7ff70e8aec9c 85244 7ff70e8aee8e 85243->85244 85246 7ff70e8aecde _isindst 85243->85246 85289 7ff70e8a43f4 11 API calls memcpy_s 85244->85289 85246->85244 85249 7ff70e8aed5e _isindst 85246->85249 85247 7ff70e89b870 _log10_special 8 API calls 85248 7ff70e8aeea9 85247->85248 85264 7ff70e8b54a4 85249->85264 85254 7ff70e8aeeba 85256 7ff70e8a9c10 _isindst 17 API calls 85254->85256 85258 7ff70e8aeece 85256->85258 85261 7ff70e8aedbb 85263 7ff70e8aee7e 85261->85263 85288 7ff70e8b54e8 37 API calls _isindst 85261->85288 85263->85247 85265 7ff70e8b54b3 85264->85265 85268 7ff70e8aed7c 85264->85268 85290 7ff70e8af5e8 EnterCriticalSection 85265->85290 85267 7ff70e8b54bb 85267->85268 85269 7ff70e8b5314 55 API calls 85267->85269 85270 7ff70e8b48a8 85268->85270 85269->85268 85271 7ff70e8b48b1 85270->85271 85272 7ff70e8aed91 85270->85272 85291 7ff70e8a43f4 11 API calls memcpy_s 85271->85291 85272->85254 85276 7ff70e8b48d8 85272->85276 85274 7ff70e8b48b6 85292 7ff70e8a9bf0 37 API calls _invalid_parameter_noinfo 85274->85292 85277 7ff70e8b48e1 85276->85277 85278 7ff70e8aeda2 85276->85278 85293 7ff70e8a43f4 11 API calls memcpy_s 85277->85293 85278->85254 85282 7ff70e8b4908 85278->85282 85280 7ff70e8b48e6 85294 7ff70e8a9bf0 37 API calls _invalid_parameter_noinfo 85280->85294 85283 
7ff70e8b4911 85282->85283 85284 7ff70e8aedb3 85282->85284 85295 7ff70e8a43f4 11 API calls memcpy_s 85283->85295 85284->85254 85284->85261 85286 7ff70e8b4916 85296 7ff70e8a9bf0 37 API calls _invalid_parameter_noinfo 85286->85296 85288->85263 85289->85263 85291->85274 85292->85272 85293->85280 85294->85278 85295->85286 85296->85284

Control-flow Graph (graph image not preserved; legend: Executed, Not Executed)
Memory Dump Source
• Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
Similarity
• API ID: Module_$Constant$Type$From$Err_String$Exception$InternStateUnicode_$Module$SpecType_$AttrFormatImport_sqlite3_errstrsqlite3_initializesqlite3_libversionsqlite3_libversion_numbersqlite3_shutdownsqlite3_threadsafe
• String ID: 2.6.0$LEGACY_TRANSACTION_CONTROL$Unable to interpret SQLite threadsafety mode. Got %d, expected 0, 1, or 2$__adapt__$__conform__$_deprecated_version$executescript$finalize$functools$inverse$lru_cache$sqlite3.DataError$sqlite3.DatabaseError$sqlite3.Error$sqlite3.IntegrityError$sqlite3.InterfaceError$sqlite3.InternalError$sqlite3.NotSupportedError$sqlite3.OperationalError$sqlite3.ProgrammingError$sqlite3.Warning$sqlite3: SQLite 3.7.15 or higher required$sqlite_version$step$threadsafety$upper$value
• API String ID: 3715894170-1388897118
• Opcode ID: 5c413ef13c712f9421b4ef3252a37679bf032f91ef1cc4dfc4b2bdcce4aeb73c
• Instruction ID: 529e4bacbdb38b6e27befa08f0aa99adfe9624b3fdd88ae570fb8677de1ba491
• Opcode Fuzzy Hash: 5c413ef13c712f9421b4ef3252a37679bf032f91ef1cc4dfc4b2bdcce4aeb73c
• Instruction Fuzzy Hash: CAE1DC60B89B0392FE449B6DE855A7563E2EF46BC4F595534C90E862B0EF3DF0948703

Control-flow Graph (graph image not preserved; legend: Executed, Not Executed)
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir

Control-flow Graph (graph not reproduced; first block at 7ff70e8b4f10; legend: Executed, Not Executed)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B4F55
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48BC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: HeapFree.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF70E8A9BEF,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8A9C19
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF70E8A9BEF,?,?,?,?,?,00007FF70E8A9ADA), ref: 00007FF70E8A9C3E
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B4F44
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B491C
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51BA
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51CB
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51DC
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF70E8B541C), ref: 00007FF70E8B5203
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time

Control-flow Graph (graph not reproduced; first block at 7ffdfa989260; legend: Executed, Not Executed)
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058331318.00007FFDFA971000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFDFA970000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdfa970000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                                  • String ID: -journal$immutable$nolock

Control-flow Graph (graph not reproduced; first block at 7ff70e8b5c74; legend: Executed, Not Executed)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                                  • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                  • Instruction ID: 62fc2163feb08c4b1ce82b949d0db8047d0f870b058d285b438cb83505717d6e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1C1C332B28A4186EB10DF65C890AAC7762FF49B98B452235DE6E977D4DF38D461C310

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
[Control-flow graph not reproduced. Named calls in the graph: GetTimeZoneInformation]
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51BA
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B491C
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51CB
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48BC
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF70E8B51DC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8B48D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF70E8B48EC
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: HeapFree.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C6E
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8A9C58: GetLastError.KERNEL32(?,?,?,00007FF70E8B2032,?,?,?,00007FF70E8B206F,?,?,00000000,00007FF70E8B2535,?,?,?,00007FF70E8B2467), ref: 00007FF70E8A9C78
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF70E8B541C), ref: 00007FF70E8B5203
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                                  • Opcode ID: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                                                                                                                                                  • Instruction ID: 89775383cc8575387a198de3593a39069f9e01af823ae4f581689a5ec7daae73
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB519232A186428AE710FF21EC819A9E361FF88784FC46136DA9D476D6DF3CE4608760
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058331318.00007FFDFA971000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFDFA970000, based on PE: true
• Associated: 0000000D.00000002.2058304770.00007FFDFA970000.00000002.00000001.01000000.00000023.sdmp
• Associated: 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
• Associated: 0000000D.00000002.2058478564.00007FFDFAAD4000.00000004.00000001.01000000.00000023.sdmp
• Associated: 0000000D.00000002.2058505827.00007FFDFAAD9000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdfa970000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memcpystrcmp
                                                                                                                                                                                                                  • String ID: :memory:
                                                                                                                                                                                                                  • API String ID: 4075415522-2920599690
                                                                                                                                                                                                                  • Opcode ID: 735294745ab2cdb39fb2fa76e59835d3c14c103e153b7a06ba9678b97c39f4bb
                                                                                                                                                                                                                  • Instruction ID: a1a702a996f6e91c517d56866c72a995f21bbb88da450906c01ec0f213301f3d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 735294745ab2cdb39fb2fa76e59835d3c14c103e153b7a06ba9678b97c39f4bb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C428226B0D78296FB6C8B25A560B7937A0FF48B48F4441B5CA6D877D9DF3CE4958300
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
• Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                  • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                  • Instruction ID: fc2539d33fa22abe95fee1b7db85de8ced873cd84b358538242530d32122af0d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EF06822A1974286F7609F60B889B66B350FF45768F841339D96E066D4DF3CE0698A14

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
[Control-flow graph not reproduced. Named calls in the graph: PySys_Audit, PyUnicode_FSConverter, PyEval_SaveThread, sqlite3_open_v2, sqlite3_busy_timeout, PyEval_RestoreThread, _Py_Dealloc, PyType_GetModuleByDef, PyModule_GetState, PyLong_FromLong, PyObject_Vectorcall, PyList_New, PyThread_get_thread_ident, PyErr_NoMemory, sqlite3_close]
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AuditDeallocEval_List_Object_Sys_ThreadVectorcall$ConverterFromLongLong_ModuleModule_RestoreSaveStateThread_get_thread_identType_Unicode_sqlite3_busy_timeoutsqlite3_closesqlite3_open_v2
                                                                                                                                                                                                                  • String ID: BEGIN$sqlite3.connect$sqlite3.connect/handle
                                                                                                                                                                                                                  • API String ID: 3562732450-2348745481
                                                                                                                                                                                                                  • Opcode ID: 0e582e4354e95a64a5f26767d257dd02f4d76d4d53f9dc00ef1b07c407e63689
                                                                                                                                                                                                                  • Instruction ID: 839ad2ee2481d801171893b125d281c9478bc348ae784c76594fa045e9f5a6ff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e582e4354e95a64a5f26767d257dd02f4d76d4d53f9dc00ef1b07c407e63689
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBB13632A48B4286EBA08F69E94426973E6FF48B94F144135DE8E83764DF3CE490C703

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _fread_nolock$Message
                                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                  • API String ID: 677216364-3497178890
                                                                                                                                                                                                                  • Opcode ID: d524917e89b801da10e80b3ca34b087cb2f64d4ecab2cc22987bc85bc7bfaca7
                                                                                                                                                                                                                  • Instruction ID: 81e0e235d2b429fea19210c377313285496dfedcbc3b965853240d2d0198ace1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d524917e89b801da10e80b3ca34b087cb2f64d4ecab2cc22987bc85bc7bfaca7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4071B231F1E68785EB20AB14E844AB9A391FF44784F886035E98D477D9EF6CF5648720

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Long_Object_True$Arg_DoubleFloat_KeywordsModuleModule_StateType_Unpack
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2710640889-0
                                                                                                                                                                                                                  • Opcode ID: 39b4e82897285b6c9fcb5d1be36828316231f9679d3429254f29a762e745829a
                                                                                                                                                                                                                  • Instruction ID: e0963a8169393bc3652bfabf935c881cd3642ab7a7cd188637ef5116081f9095
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39b4e82897285b6c9fcb5d1be36828316231f9679d3429254f29a762e745829a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61817C21A8DA4286EEA58B6EA45477963E2FF44B94F250139EA4DC37B0DF3CE444C703

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                  • Opcode ID: 3a3d092e81da87bc22f4c5d63d2397fc594f6069777cf4c585c86ea3447c8b0f
                                                                                                                                                                                                                  • Instruction ID: 7c98c159a163cb3f2f29b1a0b84efcc92712e255002a6445e2914969be105f57
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a3d092e81da87bc22f4c5d63d2397fc594f6069777cf4c585c86ea3447c8b0f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26418E21F0D64396EA20BB55AC409BAE3A0EF047D4FD96031DA5E17AD5EF3CF4618710

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                  • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                  • Opcode ID: ed34b5a61eb1ae49432c01d8f3b26b14114ec4dcdd25d8a26227bf2ebd5b2eda
                                                                                                                                                                                                                  • Instruction ID: 4acfda1e2c84eb3584f8fbc488912c0c9f9d3525ed6b3aba880b655127b6b2c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed34b5a61eb1ae49432c01d8f3b26b14114ec4dcdd25d8a26227bf2ebd5b2eda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8551D422E0D64385EA60BB15AC40BBAA291BF85794FC86135ED4D47BD5EF3CF521C720

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                                                                                                                                                  • Instruction ID: 5803d575c28325178c3405c114aefc1412af9a0dfaa13f0cae97e1f606529f5a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C1C32290CA8791FB65AB149840ABDB790FF90B80F9D6131DA5D077D1DFBDE865C320

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF70E893534), ref: 00007FF70E893411
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: GetLastError.KERNEL32(?,?,?,00007FF70E89342E,?,00007FF70E893534), ref: 00007FF70E892A14
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: FormatMessageW.KERNEL32(?,?,?,00007FF70E89342E), ref: 00007FF70E892A7D
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8929E0: MessageBoxW.USER32 ref: 00007FF70E892ACF
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                  • API String ID: 517058245-2863816727
                                                                                                                                                                                                                  • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                  • Instruction ID: ba926ee1cd1e4c281a793f1bb3561331e1d843fde81d88bbf076c04b808dbf90
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D621B321F1C64391FA21BB24ED41BBAD250BF58384FC42132E69D865E5EF2CF524C720
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058331318.00007FFDFA971000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFDFA970000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058304770.00007FFDFA970000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058478564.00007FFDFAAD4000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058505827.00007FFDFAAD9000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdfa970000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memset$CreateFile
                                                                                                                                                                                                                  • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                                  • API String ID: 333288564-3829269058
                                                                                                                                                                                                                  • Opcode ID: 7496fba9616c05f7c508fb22478160b4decc14dba16169d1f9d558705a8b6842
                                                                                                                                                                                                                  • Instruction ID: 972f72b264fa6f03ead06ffda8bba3d5a479ce3b8332d77f81987a4ae00e44d0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7496fba9616c05f7c508fb22478160b4decc14dba16169d1f9d558705a8b6842
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE029325B0D64286FB5C8B25E870A7973A0FF84B54F8441B5DDAE8A6ECDF3CE4498700
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                                  • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                  • Instruction ID: db559f4220e637373637b07bd3a089c48fc45bf116c3e873259a334073dfc1b0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6513672F046118AFB28EF64DD45ABCB7A1AF00358FD82535DD1E52AE5DF38A4A2C710
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                                  • Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                  • Instruction ID: a987cd3e4772801a1647f3337121264b06ec92629c136ca87b63005197f61116
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45519F22E046418AFB54EFB1D8407BDA3A1EF48B58F58A034DE1D87689DFBCD462C720
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279662727-0
APIs
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:
• API String ID: 3251591375-0
APIs
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8A4B49), ref: 00007FF70E8A4C67
• SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF70E8A4B49), ref: 00007FF70E8A4C7D
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0
APIs
• CloseHandle.KERNEL32(?,?,?,00007FF70E8A9CE5,?,?,00000000,00007FF70E8A9D9A), ref: 00007FF70E8A9ED6
• GetLastError.KERNEL32(?,?,?,00007FF70E8A9CE5,?,?,00000000,00007FF70E8A9D9A), ref: 00007FF70E8A9EE0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058331318.00007FFDFA971000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFDFA970000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdfa970000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053780056.00007FF70E890000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2053948230.00007FF70E8BB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054065966.00007FF70E8D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2054250419.00007FF70E8D6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FF70E8986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF70E893FA4,00000000,00007FF70E891925), ref: 00007FF70E8986E9
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00007FF70E895C06,?,00007FF70E89308E), ref: 00007FF70E8981C2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2592636585-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF70E89FFB0,?,?,?,00007FF70E8A161A,?,?,?,?,?,00007FF70E8A2E09), ref: 00007FF70E8AC94A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2053908198.00007FF70E891000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF70E890000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff70e890000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyUnicode_AsUTF8AndSize.PYTHON312(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF96C3D
                                                                                                                                                                                                                  • sqlite3_bind_text.SQLITE3(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF96C73
                                                                                                                                                                                                                  • PyObject_CheckBuffer.PYTHON312 ref: 00007FFE0CF96CD2
                                                                                                                                                                                                                  • PyErr_Format.PYTHON312 ref: 00007FFE0CF96CF6
                                                                                                                                                                                                                  • sqlite3_bind_null.SQLITE3(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D56A
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312 ref: 00007FFE0CF9D5FB
                                                                                                                                                                                                                  • PyFloat_AsDouble.PYTHON312(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D60D
                                                                                                                                                                                                                  • PyErr_Occurred.PYTHON312(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D622
                                                                                                                                                                                                                  • sqlite3_bind_double.SQLITE3(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D63A
                                                                                                                                                                                                                  • PyErr_Occurred.PYTHON312(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D65A
                                                                                                                                                                                                                  • sqlite3_bind_int64.SQLITE3(?,?,?,?,?,?,?,?,00000000,00007FFE0CF92F37), ref: 00007FFE0CF9D672
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_$Occurred$BufferCheckDoubleFloat_FormatObject_SizeStringUnicode_sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_nullsqlite3_bind_text
                                                                                                                                                                                                                  • String ID: BLOB longer than INT_MAX bytes$Error binding parameter %d: type '%s' is not supported$string longer than INT_MAX bytes
                                                                                                                                                                                                                  • API String ID: 165546226-1774195909
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3719493655-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2060270398.00007FFE01791000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE01790000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe01790000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061073437.00007FFE0C0B1000.00000020.00000001.01000000.0000002D.sdmp, Offset: 00007FFE0C0B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0b0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061073437.00007FFE0C0B1000.00000020.00000001.01000000.0000002D.sdmp, Offset: 00007FFE0C0B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0b0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memcpy$_wassert
                                                                                                                                                                                                                  • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                                                                                                  • API String ID: 4178124637-3286700114
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4139299733-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memset$_wassert
                                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                                  • API String ID: 3746435480-330188172
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strnicmp$Eval_Object_SizeThreadThread_get_thread_ident$Arg_Err_FormatParseRestoreSaveTrackTuple_Unicode_sqlite3_limitsqlite3_prepare_v2
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$Cannot operate on a closed database.$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.$You can only execute one statement at a time.$delete$insert$query string is too large$replace$sqlite3.Connection$the query contains a null character$update
                                                                                                                                                                                                                  • API String ID: 603912194-3639599724
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_$Arg_String$ArgumentKeywordsLong_MallocMem_ModuleModule_Object_OccurredSizeStateThread_get_thread_identTrueType_Unicode_Unpacksqlite3_create_function_v2sqlite3_libversion_number
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$Cannot operate on a closed database.$Error creating function$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.$argument 'name'$create_function$deterministic=True requires SQLite 3.8.3 or higher$embedded null character$str
                                                                                                                                                                                                                  • API String ID: 696753127-1353199886
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Type_$ModuleModule_State$Arg_$AppendArgumentErr_KeywordsList_StringSubtypeThread_get_thread_identWeakref_
                                                                                                                                                                                                                  • String ID: Cursor$Recursive use of cursors not allowed.$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.$argument 1
                                                                                                                                                                                                                  • API String ID: 97589694-3640195694
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Thread$RestoreSave$Err_Stringsqlite3_backup_finish$CallCallable_CheckFunction_Object_SizeThread_get_thread_identsqlite3_backup_initsqlite3_backup_pagecountsqlite3_backup_remainingsqlite3_backup_step
                                                                                                                                                                                                                  • String ID: iii$main$progress argument must be a callable$target cannot be the same connection instance
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
• Associated: 0000000D.00000002.2062233724.00007FFE0CFB0000.00000002.00000001.01000000.00000021.sdmp
• Associated: 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
• Associated: 0000000D.00000002.2062343656.00007FFE0CFDB000.00000004.00000001.01000000.00000021.sdmp
• Associated: 0000000D.00000002.2062374750.00007FFE0CFDE000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Dealloc$CallDecodeDict_Err_ItemObject_OccurredUnicode_$BuildErrorTraceback_Tuple_ValueWith
                                                                                                                                                                                                                  • String ID: (N)$CharacterData$D:\a\1\s\Modules\pyexpat.c$EndElement$strict
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu., xrefs: 00007FFE0CF99563
                                                                                                                                                                                                                  • Base Connection.__init__ not called., xrefs: 00007FFE0CF99529
                                                                                                                                                                                                                  • factory must return a cursor, not %.100s, xrefs: 00007FFE0CF9946E
                                                                                                                                                                                                                  • Cannot operate on a closed database., xrefs: 00007FFE0CF99543
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_$DeallocFormatStringThread_get_thread_identType_$Arg_CallKeywordsModuleModule_Object_StateSubtypeUnpack
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$Cannot operate on a closed database.$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.$factory must return a cursor, not %.100s
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyUnicode_AsUTF8AndSize.PYTHON312(00000000,?,?,?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96A2E
                                                                                                                                                                                                                  • sqlite3_limit.SQLITE3(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96A51
                                                                                                                                                                                                                  • PyEval_SaveThread.PYTHON312(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96A79
                                                                                                                                                                                                                  • sqlite3_prepare_v2.SQLITE3(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96A9F
                                                                                                                                                                                                                  • PyEval_RestoreThread.PYTHON312(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96AAA
                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96AEF
                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96B0A
                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96B21
                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96B39
                                                                                                                                                                                                                  • _PyObject_GC_New.PYTHON312(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96B4C
                                                                                                                                                                                                                  • PyObject_GC_Track.PYTHON312(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF96B6D
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,00000000,00007FFE0CF94DD1), ref: 00007FFE0CF9D4DA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strnicmp$Eval_Object_Thread$Err_RestoreSaveSizeStringTrackUnicode_sqlite3_limitsqlite3_prepare_v2
                                                                                                                                                                                                                  • String ID: You can only execute one statement at a time.$delete$insert$query string is too large$replace$the query contains a null character$update
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_$Arg_Thread_get_thread_ident$ArgumentFormatKeywordsLong_MallocMem_ModuleModule_OccurredSizeStateStringType_Unicode_Unpacksqlite3_create_function_v2
                                                                                                                                                                                                                  • String ID: Error creating aggregate$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.$argument 'name'$create_aggregate$embedded null character$str
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_Err_ModuleModule_OccurredStateType_$ArgumentDoubleFloat_KeywordsLong_SizeUnicode_Unpack
                                                                                                                                                                                                                  • String ID: argument 'name'$argument 'target'$backup$embedded null character$main$str
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: SizeUnicode_$Arg_Err_$ArgumentKeywordsObject_OccurredStringTrueUnpack
                                                                                                                                                                                                                  • String ID: argument 'name'$argument 1$argument 2$blobopen$embedded null character$expected 'int'$main$str
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Buffer_$Arg_SizeUnicode_$ArgumentBufferContiguousErr_FillInfoKeywordsObject_ReleaseStringUnpack
                                                                                                                                                                                                                  • String ID: argument 'name'$argument 1$contiguous buffer$deserialize$embedded null character$main$str
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyThread_get_thread_ident.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF97618
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF97661
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF97683
                                                                                                                                                                                                                  • PyThread_get_thread_ident.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF97696
                                                                                                                                                                                                                  • PyErr_Format.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF976B1
                                                                                                                                                                                                                  • PyType_GetModuleByDef.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF9D869
                                                                                                                                                                                                                  • PyModule_GetState.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF9D872
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,00000000,00007FFE0CF97053), ref: 00007FFE0CF9D883
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_$String$Thread_get_thread_ident$FormatModuleModule_StateType_
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$Base Cursor.__init__ not called.$Cannot operate on a closed cursor.$Cannot operate on a closed database.$Recursive use of cursors not allowed.$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyTuple_New.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933A6
                                                                                                                                                                                                                  • sqlite3_value_type.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933DE
                                                                                                                                                                                                                  • sqlite3_value_int64.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933EC
                                                                                                                                                                                                                  • PyLong_FromLongLong.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933F5
                                                                                                                                                                                                                  • sqlite3_context_db_handle.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93445
                                                                                                                                                                                                                  • sqlite3_value_text.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93453
                                                                                                                                                                                                                  • sqlite3_value_bytes.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93468
                                                                                                                                                                                                                  • PyUnicode_FromStringAndSize.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93474
                                                                                                                                                                                                                  • sqlite3_context_db_handle.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93487
                                                                                                                                                                                                                  • sqlite3_value_blob.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF93495
                                                                                                                                                                                                                  • sqlite3_value_bytes.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF934A6
                                                                                                                                                                                                                  • PyBytes_FromStringAndSize.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF934B2
                                                                                                                                                                                                                  • sqlite3_value_double.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF934D9
                                                                                                                                                                                                                  • PyFloat_FromDouble.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF934DF
                                                                                                                                                                                                                  • sqlite3_errcode.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF934EF
                                                                                                                                                                                                                  • PyErr_NoMemory.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF9CB23
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF9CB39
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: From$LongSizeStringsqlite3_context_db_handlesqlite3_value_bytes$Bytes_DeallocDoubleErr_Float_Long_MemoryTuple_Unicode_sqlite3_errcodesqlite3_value_blobsqlite3_value_doublesqlite3_value_int64sqlite3_value_textsqlite3_value_type
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_Eval_InterpreterThread$ClearExceptionFinalizingRaisedRestoreSaveState_sqlite3_close_v2sqlite3_get_autocommitsqlite3_progress_handlersqlite3_set_authorizersqlite3_trace_v2
                                                                                                                                                                                                                  • String ID: ROLLBACK
                                                                                                                                                                                                                  • API String ID: 2644278265-1608819330
                                                                                                                                                                                                                  • Opcode ID: 3a1939b9b09e136e18709d521cee047704d799a182c46fa3ba6fd02e8b3e8645
                                                                                                                                                                                                                  • Instruction ID: 3befb38ff954bd0ea52a6c448677df7ee7839add8f6bede44736ae14f0f3d713
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a1939b9b09e136e18709d521cee047704d799a182c46fa3ba6fd02e8b3e8645
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA412925A88A0382FF649FAEA51463D23E6FF85B98F145131DE5E82674EF3CE0558703
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ModuleModule_StateType_$ArgumentCheckKeywordsPositional
                                                                                                                                                                                                                  • String ID: Row$argument 1$argument 2$tuple
                                                                                                                                                                                                                  • API String ID: 1727891712-1615332470
                                                                                                                                                                                                                  • Opcode ID: 55ac188b1e6281e32bb92b7ff744121db56fff9e845ae6cdc60c561a96e60607
                                                                                                                                                                                                                  • Instruction ID: e3b662bdecdc1b53caf41dfa99db61d1243e4d3f6b144f5fd91355a8425559f1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55ac188b1e6281e32bb92b7ff744121db56fff9e845ae6cdc60c561a96e60607
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4314C65A88A4282EE548B5AE4402B963E2FF44FD0F599036DA0E43774DF7CE595C343
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB152C: strrchr.VCRUNTIME140(?,?,00000000,00007FFE0CFB19A1,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB154E
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB152C: PyModule_New.PYTHON312(?,?,00000000,00007FFE0CFB19A1,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB155A
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB152C: PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFE0CFB19A1,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB156B
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB152C: _PyImport_SetModule.PYTHON312(?,?,00000000,00007FFE0CFB19A1,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1583
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB152C: PyModule_AddObject.PYTHON312(?,?,00000000,00007FFE0CFB19A1,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB15AA
                                                                                                                                                                                                                  • PyDict_New.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB19AD
                                                                                                                                                                                                                  • PyDict_New.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB19BF
                                                                                                                                                                                                                  • PyModule_AddStringConstant.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1A1D
                                                                                                                                                                                                                  • PyModule_AddObjectRef.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFC0D5D
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB1A84: PyModule_AddStringConstant.PYTHON312(?,?,00000000,00007FFE0CFB19F4,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1ADA
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB1A84: PyLong_FromLong.PYTHON312(?,?,00000000,00007FFE0CFB19F4,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1AEA
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB1A84: PyDict_SetItemString.PYTHON312(?,?,00000000,00007FFE0CFB19F4,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1B01
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB1A84: PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFE0CFB19F4,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1B12
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CFB1A84: PyDict_SetItem.PYTHON312(?,?,00000000,00007FFE0CFB19F4,?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFB1B2D
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFC0DAC
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312(?,?,?,00007FFE0CFB1184), ref: 00007FFE0CFC0DD1
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062233724.00007FFE0CFB0000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062343656.00007FFE0CFDB000.00000004.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062374750.00007FFE0CFDE000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Module_String$Dict_$From$ConstantDeallocItemObjectUnicode_$Import_LongLong_Modulestrrchr
                                                                                                                                                                                                                  • String ID: Constants used to describe error conditions.$__doc__$codes$messages$pyexpat.errors
                                                                                                                                                                                                                  • API String ID: 22755458-1115447882
                                                                                                                                                                                                                  • Opcode ID: d51c3487e24f83106b665083f247a2309126faa65521e96e27374ccc8e2c44f0
                                                                                                                                                                                                                  • Instruction ID: 53f5d05ac5fb296af8c7cf79ef554da4f5b50fd88e48eee00dc8b480cc91b3b2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d51c3487e24f83106b665083f247a2309126faa65521e96e27374ccc8e2c44f0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99314A22A8871282FA194F6D995437862E5AF44B84F488131CB4E523B5DF3CFA818253
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                  • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                  • API String ID: 1004266020-3528878251
                                                                                                                                                                                                                  • Opcode ID: 1585b7f006c3bc3ef317b73109392006e48ef7fb1c9bb5363a1940f6ac4bfac5
                                                                                                                                                                                                                  • Instruction ID: 7eaf38cbc000caddcdeb5415970b91820dd98e7e920e8afccf1bf7bc54a9b8ef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1585b7f006c3bc3ef317b73109392006e48ef7fb1c9bb5363a1940f6ac4bfac5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72411523F0CA02C1EB149B15B8B0A7963A1ABA9B85F944235C9FE877DCDF3DE1549300
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                  • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                  • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                  • Opcode ID: 35f2a36de3bf8fc04aa01d781381661ddda8c4355416510f682401fb826b2ab5
                                                                                                                                                                                                                  • Instruction ID: b439b60ad0824aa92fbc7ca8a0f58b3a9048c6ef84c366ad8f6688d9c10fb00e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35f2a36de3bf8fc04aa01d781381661ddda8c4355416510f682401fb826b2ab5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55310A23F4C68381EB155F21B834AB923A0AF69B81F945234D9BD466DDDFBCE5428B01
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                  • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                  • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                  • Opcode ID: 13271e0bc0e3c0f82cdd07100ecb64e94413eefe5de2adc2962d6d08c7809de6
                                                                                                                                                                                                                  • Instruction ID: 3fe407d5f16bd220914618c10f85c03deac421f93fb48077c0362e58c12f53cf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13271e0bc0e3c0f82cdd07100ecb64e94413eefe5de2adc2962d6d08c7809de6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00514B63F0C25281FB609B25B871E796391AB76BC0F645235DAFD96ACDDF2CE4018700
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                  • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                  • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                  • Opcode ID: 2aa5bcb769f9567ef44792d0b8645ff4acf96607a2464068c30a17cc2bf935c6
                                                                                                                                                                                                                  • Instruction ID: c3feb88e83fdd607efbc8fb042f2e89020a2a6c9fb2558d2f4bee6b625767c20
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2aa5bcb769f9567ef44792d0b8645ff4acf96607a2464068c30a17cc2bf935c6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD41A3A3F08A8281EB248B15F864AB923A1FF69B94F540335D9BE476DCDF3CD5558700
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_Err_$ArgumentKeywordsLong_OccurredSizeStringUnicode_Unpack
                                                                                                                                                                                                                  • String ID: argument 1$create_window_function$embedded null character$str
                                                                                                                                                                                                                  • API String ID: 533272146-1686324635
                                                                                                                                                                                                                  • Opcode ID: 90e8fba7630c24f3229344ce66844466e798c5bdf05d5ef6be4900c540b83669
                                                                                                                                                                                                                  • Instruction ID: 3eb8ce54895589202663575dcd6fd54dbd13e19ae2103e936b8b0933c6609fcb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90e8fba7630c24f3229344ce66844466e798c5bdf05d5ef6be4900c540b83669
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD418E21A48B8295EE608B5EE4403B963E1FF49BA4F545132DE8E877B4DF3CE0458703
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu., xrefs: 00007FFE0CF94231
                                                                                                                                                                                                                  • Base Connection.__init__ not called., xrefs: 00007FFE0CF94271
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_Thread_get_thread_ident$DeallocFormatModuleModule_ObjectStateStringType_Weakref_
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.
                                                                                                                                                                                                                  • API String ID: 2571765474-2092554567
                                                                                                                                                                                                                  • Opcode ID: deb5ad074e8ac15c044f6bf0cb0b367ac17f2344442455f519f382dcef6ccc07
                                                                                                                                                                                                                  • Instruction ID: 695517d31615b030f5ccc80115fc81679e28934097ed81b3b34af867c60276d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: deb5ad074e8ac15c044f6bf0cb0b367ac17f2344442455f519f382dcef6ccc07
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D312C32B48A0282EF558F6DE88016867E6FF94B98F551031DA1E87774CE3DD4928703
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strnicmp$Object_$Track
                                                                                                                                                                                                                  • String ID: delete$insert$replace$update
                                                                                                                                                                                                                  • API String ID: 3251813400-310407209
                                                                                                                                                                                                                  • Opcode ID: 55ff5d261b1f51f00bd5c5bf83bf49c8a2a4fff34966bc3459cb13d7dcfdbe15
                                                                                                                                                                                                                  • Instruction ID: 329d8af9c439a9c4ed69652fbf6ffb136d98d7e2122563f81af911c60dd02181
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55ff5d261b1f51f00bd5c5bf83bf49c8a2a4fff34966bc3459cb13d7dcfdbe15
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D111920B8D61241FE569B5AA84437922D7EF45FD1F448136CD0DCA7B0EF2CE6568383
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2060270398.00007FFE01791000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE01790000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe01790000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061073437.00007FFE0C0B1000.00000020.00000001.01000000.0000002D.sdmp, Offset: 00007FFE0C0B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0b0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: List_sqlite3_column_count$AppendDeallocErr_Occurredsqlite3_column_decltypesqlite3_column_name
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3635882276-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Dealloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3617616757-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Object_Thread$AppendErr_FormatList_RestoreSaveThread_get_thread_identTrackWeakref_sqlite3_blob_opensqlite3_errstr
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2040240242-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpacksqlite3_complete
                                                                                                                                                                                                                  • String ID: argument 'statement'$complete_statement$embedded null character$str
                                                                                                                                                                                                                  • API String ID: 4067012447-4010210820
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                  • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • user-defined aggregate's 'value' method not defined, xrefs: 00007FFE0CF93032
                                                                                                                                                                                                                  • user-defined aggregate's 'value' method raised error, xrefs: 00007FFE0CF9302B
                                                                                                                                                                                                                  • unable to set result from user-defined aggregate's 'value' method, xrefs: 00007FFE0CF93047
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocEnsureErr_ExceptionMatchesMethodObject_State_Vectorcallsqlite3_aggregate_contextsqlite3_result_int64sqlite3_user_data
                                                                                                                                                                                                                  • String ID: unable to set result from user-defined aggregate's 'value' method$user-defined aggregate's 'value' method not defined$user-defined aggregate's 'value' method raised error
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                                  • String ID: argument 1$create_collation$embedded null character$str
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Threadsqlite3_serialize$Bytes_FromRestoreSaveSizeStringThread_get_thread_identsqlite3_free
                                                                                                                                                                                                                  • String ID: unable to serialize '%s'
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062233724.00007FFE0CFB0000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062343656.00007FFE0CFDB000.00000004.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062374750.00007FFE0CFDE000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocErr_$DecodeOccurredStringUnicode_
                                                                                                                                                                                                                  • String ID: multi-byte encodings are not supported$replace
                                                                                                                                                                                                                  • API String ID: 2771326594-2045899619
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                                                                                                                                                                  • String ID: argument$embedded null character$executescript$str
                                                                                                                                                                                                                  • API String ID: 4155279725-1184527837
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2061361722.00007FFE0C0C0000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2061546770.00007FFE0C0C4000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2061641901.00007FFE0C0C5000.00000004.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2061842309.00007FFE0C0C6000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _wassert$memcpy
                                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                                  • API String ID: 4292997394-330188172
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                  • String ID: a unicode character$argument$category
                                                                                                                                                                                                                  • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                  • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                  • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93FB0: PyThread_get_thread_ident.PYTHON312(?,?,?,00007FFE0CF91026), ref: 00007FFE0CF93FBF
                                                                                                                                                                                                                  • PyObject_CallOneArg.PYTHON312(?,?,?,00007FFE0CF9286C), ref: 00007FFE0CF93C2B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallObject_Thread_get_thread_ident
                                                                                                                                                                                                                  • String ID: factory must return a cursor, not %.100s
                                                                                                                                                                                                                  • API String ID: 1188859112-1305497770
                                                                                                                                                                                                                  • Opcode ID: d0bedeb7f1f3d80446d20f8daa6e3d8303959862511d69bf5e79a5dd72273c2c
                                                                                                                                                                                                                  • Instruction ID: 48f83837fa9ce7b6f0a7329e9b4284f2af110f1c598d3bf67e55f45f11f0acf0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0bedeb7f1f3d80446d20f8daa6e3d8303959862511d69bf5e79a5dd72273c2c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9231F876A88B0391EE599B6ED55427823E2EF49BD4F544031CE0E877B4DF2CE8988313
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyGILState_Ensure.PYTHON312 ref: 00007FFE0CF9318C
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93390: PyTuple_New.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933A6
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93390: sqlite3_value_type.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933DE
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93390: sqlite3_value_int64.SQLITE3(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933EC
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93390: PyLong_FromLongLong.PYTHON312(?,00000000,?,00000000,00007FFE0CF92511), ref: 00007FFE0CF933F5
                                                                                                                                                                                                                  • sqlite3_user_data.SQLITE3 ref: 00007FFE0CF931AC
                                                                                                                                                                                                                  • PyObject_CallObject.PYTHON312 ref: 00007FFE0CF931B8
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312 ref: 00007FFE0CF931CF
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312 ref: 00007FFE0CF9322C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocLong$CallEnsureFromLong_ObjectObject_State_Tuple_sqlite3_user_datasqlite3_value_int64sqlite3_value_type
                                                                                                                                                                                                                  • String ID: user-defined function raised exception
                                                                                                                                                                                                                  • API String ID: 4124193293-1286346901
                                                                                                                                                                                                                  • Opcode ID: cc059818c2c035a0d39ba0be1e50bb243d03f37504f023a90c5023df38e29caa
                                                                                                                                                                                                                  • Instruction ID: ac146749c227990e1a8a6d64cf45691b702d89e071c856d68b3efddee8c5afd1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc059818c2c035a0d39ba0be1e50bb243d03f37504f023a90c5023df38e29caa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40113D21B88B4282EE145BAAA94413962E2EF45FD0F484030DA0E87B75DF3CE4998343
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_Long_Occurred$Arg_CheckPositional
                                                                                                                                                                                                                  • String ID: seek
                                                                                                                                                                                                                  • API String ID: 1822060353-3560504983
                                                                                                                                                                                                                  • Opcode ID: 926d059e5d9e80a19d3e295d7b53372f48f1d148a91f384a73d024dc51ebe923
                                                                                                                                                                                                                  • Instruction ID: 451208e9dabf1c27b6f52c2c0b93e5d87c9cd0893df23f26b3b69c60217342cc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 926d059e5d9e80a19d3e295d7b53372f48f1d148a91f384a73d024dc51ebe923
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C113D21B4861386EE10AB6EA4441B962E6EF48B94F648535DD1D877B4EF3CF8468303
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Long_$Err_Occurred$Arg_CheckFromLongPositionalsqlite3_limit
                                                                                                                                                                                                                  • String ID: setlimit
                                                                                                                                                                                                                  • API String ID: 3681987196-3077864178
                                                                                                                                                                                                                  • Opcode ID: cde870e88a60418d1170e7858988b7a217daf02664a498ac0202b222ac04681d
                                                                                                                                                                                                                  • Instruction ID: 964d86e6270a94218bed6652b985c1d7a75ff4fd1e6ca4cca21ac872b2d9acfc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cde870e88a60418d1170e7858988b7a217daf02664a498ac0202b222ac04681d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC118C24B48A4285EE649B6EE44413D62E2EF48F90F288532DA1E837B5DF3CE4548303
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • sqlite3_blob_bytes.SQLITE3(?,?,?,00007FFE0CF915C4,?,?,?,00007FFE0CF9156A), ref: 00007FFE0CF9160D
                                                                                                                                                                                                                  • PyEval_SaveThread.PYTHON312(?,?,?,00007FFE0CF915C4,?,?,?,00007FFE0CF9156A), ref: 00007FFE0CF9161E
                                                                                                                                                                                                                  • sqlite3_blob_write.SQLITE3(?,?,?,00007FFE0CF915C4,?,?,?,00007FFE0CF9156A), ref: 00007FFE0CF91634
                                                                                                                                                                                                                  • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFE0CF915C4,?,?,?,00007FFE0CF9156A), ref: 00007FFE0CF9163F
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,?,00007FFE0CF915C4,?,?,?,00007FFE0CF9156A), ref: 00007FFE0CF9168D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Thread$Err_RestoreSaveStringsqlite3_blob_bytessqlite3_blob_write
                                                                                                                                                                                                                  • String ID: data longer than blob length
                                                                                                                                                                                                                  • API String ID: 1423125178-2959845269
                                                                                                                                                                                                                  • Opcode ID: 6871c7484457fb4a0e0dc9c42f8531bf4ff4c3f50e1264cd36a9a93029551ab7
                                                                                                                                                                                                                  • Instruction ID: 9e47a0040a1967696d488dda4c695b661a5b6c7663c6742ed6f261c29c9348b2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6871c7484457fb4a0e0dc9c42f8531bf4ff4c3f50e1264cd36a9a93029551ab7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9113D65B58B4281DE109F6EE48402967B1FF98FC4B185132DE5E83B70CF38E4568342
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _PyArg_CheckPositional.PYTHON312 ref: 00007FFDFF1736E7
                                                                                                                                                                                                                  • _PyArg_BadArgument.PYTHON312 ref: 00007FFDFF17371A
                                                                                                                                                                                                                    • Part of subcall function 00007FFDFF1711B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFF1711E2
                                                                                                                                                                                                                    • Part of subcall function 00007FFDFF1711B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFF1711FA
                                                                                                                                                                                                                    • Part of subcall function 00007FFDFF1711B0: PyType_IsSubtype.PYTHON312 ref: 00007FFDFF17121D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                  • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                  • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                  • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                  • API String ID: 3876575403-184702317
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_String$ModuleModule_StateType_
                                                                                                                                                                                                                  • String ID: Base Connection.__init__ not called.$Cannot operate on a closed database.
                                                                                                                                                                                                                  • API String ID: 617629066-2493460445
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Dealloc$Eval_List_Thread$AppendErr_OccurredRestoreSaveThread_get_thread_identsqlite3_step
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 306718564-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Dealloc$Eval_List_Thread$AppendErr_OccurredRestoreSaveThread_get_thread_identsqlite3_step
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 306718564-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocDict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                                  • String ID: SkippedEntity
                                                                                                                                                                                                                  • API String ID: 3887327737-2419268895
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                  • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                  • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                  • String ID: not a numeric character
                                                                                                                                                                                                                  • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                  • String ID: not a decimal
                                                                                                                                                                                                                  • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                  • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                  • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                  • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                  • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                  • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                  • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_String$SizeUnicode_
                                                                                                                                                                                                                  • String ID: embedded null character$isolation_level must be str or None
                                                                                                                                                                                                                  • API String ID: 2104487336-3788339278
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PySys_Audit.PYTHON312(?,?,?,00007FFE0CF9E57E), ref: 00007FFE0CF9E5C1
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93FB0: PyThread_get_thread_ident.PYTHON312(?,?,?,00007FFE0CF91026), ref: 00007FFE0CF93FBF
                                                                                                                                                                                                                  • sqlite3_enable_load_extension.SQLITE3(?,?,?,00007FFE0CF9E57E), ref: 00007FFE0CF9E5E9
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,?,00007FFE0CF9E57E), ref: 00007FFE0CF9E601
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AuditErr_StringSys_Thread_get_thread_identsqlite3_enable_load_extension
                                                                                                                                                                                                                  • String ID: Error enabling load extension$sqlite3.enable_load_extension
                                                                                                                                                                                                                  • API String ID: 2498894031-1653469728
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                  • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                  • API String ID: 3979797681-4001128513
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                  • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                  • API String ID: 3979797681-4202047184
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Time$CurrentFileProcessSystemrand_s
                                                                                                                                                                                                                  • String ID: fallback(4)$rand_s
                                                                                                                                                                                                                  • API String ID: 2124637630-25474216
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                  • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                  • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Thread$Err_MemoryRestoreSaveThread_get_thread_identsqlite3_deserializesqlite3_malloc64
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1996515344-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyEval_SaveThread.PYTHON312 ref: 00007FFE0CF94015
                                                                                                                                                                                                                  • sqlite3_prepare_v2.SQLITE3(?,?,?,?,?,?,?,00007FFE0CF92413), ref: 00007FFE0CF94047
                                                                                                                                                                                                                  • sqlite3_step.SQLITE3(?,?,?,?,?,?,?,00007FFE0CF92413), ref: 00007FFE0CF94058
                                                                                                                                                                                                                  • sqlite3_finalize.SQLITE3(?,?,?,?,?,?,?,00007FFE0CF92413), ref: 00007FFE0CF94063
                                                                                                                                                                                                                  • PyEval_RestoreThread.PYTHON312(?,?,?,?,?,?,?,00007FFE0CF92413), ref: 00007FFE0CF9406E
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF958F0: sqlite3_errcode.SQLITE3 ref: 00007FFE0CF9590D
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF958F0: sqlite3_extended_errcode.SQLITE3 ref: 00007FFE0CF9592A
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF958F0: sqlite3_errmsg.SQLITE3 ref: 00007FFE0CF95935
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Thread$RestoreSavesqlite3_errcodesqlite3_errmsgsqlite3_extended_errcodesqlite3_finalizesqlite3_prepare_v2sqlite3_step
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3818985789-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocState_$EnsureFreeMem_Release
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1673861309-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Eval_Thread$Object_RestoreSaveTracksqlite3_finalize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 478104443-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061073437.00007FFE0C0B1000.00000020.00000001.01000000.0000002D.sdmp, Offset: 00007FFE0C0B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0b0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _wassertmemcpy
                                                                                                                                                                                                                  • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                                                                                                  • API String ID: 785382960-3286700114
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
• Associated: 0000000D.00000002.2061361722.00007FFE0C0C0000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 0000000D.00000002.2061546770.00007FFE0C0C4000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 0000000D.00000002.2061641901.00007FFE0C0C5000.00000004.00000001.01000000.0000002C.sdmp
• Associated: 0000000D.00000002.2061842309.00007FFE0C0C6000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _wassertmemcpy
                                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                                  • API String ID: 785382960-330188172
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Module_State$Arg_CheckPositional
                                                                                                                                                                                                                  • String ID: adapt
                                                                                                                                                                                                                  • API String ID: 1782919875-3883312240
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                                                                                                                                                                  • String ID: read
                                                                                                                                                                                                                  • API String ID: 3612027452-2555855207
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: sqlite3_get_autocommit$Thread_get_thread_ident
                                                                                                                                                                                                                  • String ID: BEGIN$COMMIT
                                                                                                                                                                                                                  • API String ID: 796689684-114194160
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFDFF171EBC), ref: 00007FFDFF173C1F
                                                                                                                                                                                                                    • Part of subcall function 00007FFDFF171FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFF171FE8
                                                                                                                                                                                                                    • Part of subcall function 00007FFDFF171FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFF172006
                                                                                                                                                                                                                  • PyErr_Format.PYTHON312 ref: 00007FFDFF171F33
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
• Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
• Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                  • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                  • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
• Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
• Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AuditErr_StringSys_Thread_get_thread_identsqlite3_load_extension
                                                                                                                                                                                                                  • String ID: sqlite3.load_extension
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu., xrefs: 00007FFE0CF93FDF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread_get_thread_ident$Err_Format
                                                                                                                                                                                                                  • String ID: SQLite objects created in a thread can only be used in that same thread. The object was created in thread id %lu and this is thread id %lu.
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                                  • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PyObject_VectorcallMethod.PYTHON312(?,?,00000001,00007FFE0CF95828,?,?,00000000,00007FFE0CF948DC), ref: 00007FFE0CF96077
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312(?,?,00000001,00007FFE0CF95828,?,?,00000000,00007FFE0CF948DC), ref: 00007FFE0CF9608E
                                                                                                                                                                                                                  • PyDict_GetItemWithError.PYTHON312(?,?,00000001,00007FFE0CF95828,?,?,00000000,00007FFE0CF948DC), ref: 00007FFE0CF960A0
                                                                                                                                                                                                                  • _Py_Dealloc.PYTHON312(?,?,00000001,00007FFE0CF95828,?,?,00000000,00007FFE0CF948DC), ref: 00007FFE0CF960B7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Dealloc$Dict_ErrorItemMethodObject_VectorcallWith
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2060270398.00007FFE01791000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE01790000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe01790000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061073437.00007FFE0C0B1000.00000020.00000001.01000000.0000002D.sdmp, Offset: 00007FFE0C0B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0b0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2061485406.00007FFE0C0C1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0C0C0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0c0c0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058536472.00007FFDFF170000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF175000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF1D2000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF21E000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF222000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF227000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058829567.00007FFDFF282000.00000004.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2058857815.00007FFDFF284000.00000002.00000001.01000000.00000024.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_Occurred$Bool_FromLongLong_sqlite3_db_config
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1744486208-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062263977.00007FFE0CFB1000.00000020.00000001.01000000.00000021.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062233724.00007FFE0CFB0000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062343656.00007FFE0CFDB000.00000004.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062374750.00007FFE0CFDE000.00000002.00000001.01000000.00000021.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cfb0000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeallocErr_String
                                                                                                                                                                                                                  • String ID: Cannot delete attribute
                                                                                                                                                                                                                  • API String ID: 1259552197-1790985853
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93FB0: PyThread_get_thread_ident.PYTHON312(?,?,?,00007FFE0CF91026), ref: 00007FFE0CF93FBF
                                                                                                                                                                                                                  • sqlite3_db_config.SQLITE3(?,?,00000000,00007FFE0CF9AF9A), ref: 00007FFE0CF9B01A
                                                                                                                                                                                                                  • PyErr_Format.PYTHON312(?,?,00000000,00007FFE0CF9AF9A), ref: 00007FFE0CF9B04B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Err_FormatThread_get_thread_identsqlite3_db_config
                                                                                                                                                                                                                  • String ID: unknown config 'op': %d
                                                                                                                                                                                                                  • API String ID: 1965164816-2608436191
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CheckErr_Index_LongLong_String
                                                                                                                                                                                                                  • String ID: Blob indices must be integers
                                                                                                                                                                                                                  • API String ID: 257857910-3494654483
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0CF93FB0: PyThread_get_thread_ident.PYTHON312(?,?,?,00007FFE0CF91026), ref: 00007FFE0CF93FBF
                                                                                                                                                                                                                  • sqlite3_get_autocommit.SQLITE3 ref: 00007FFE0CF923D4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2062102083.00007FFE0CF91000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FFE0CF90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062062314.00007FFE0CF90000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062173383.00007FFE0CFA9000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  • Associated: 0000000D.00000002.2062197688.00007FFE0CFAB000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffe0cf90000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread_get_thread_identsqlite3_get_autocommit
                                                                                                                                                                                                                  • String ID: BEGIN$ROLLBACK
                                                                                                                                                                                                                  • API String ID: 1475358230-1570277473
                                                                                                                                                                                                                  • Opcode ID: f8df8887b3471ac700207a4a1aeac888c47342ef1e3d2ea63d0df4a5de2f6ddb
                                                                                                                                                                                                                  • Instruction ID: f441a3605e0a9c15364dfdc7677199f79fa408f61a37dfe4862632f14ae21e1e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8df8887b3471ac700207a4a1aeac888c47342ef1e3d2ea63d0df4a5de2f6ddb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95011D61E88203A1FE589B6FB8502B512D6EF54798F542131CE1D851F6EF2DE5548213
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                  • String ID: no such name
                                                                                                                                                                                                                  • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                  • Opcode ID: 3005c2e76ccdbfdbb1504f9de79cdf15a2dc4c168f6a8fbb72cf26d2d18b7585
                                                                                                                                                                                                                  • Instruction ID: ced3cb3ce99a8c47e339095affd26b44a908a5005dca23c7e8e2894e46f7451c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3005c2e76ccdbfdbb1504f9de79cdf15a2dc4c168f6a8fbb72cf26d2d18b7585
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE011237F18A42D1FB618B11F464BB52394BB68B45F400131DABE866D8EF3CE1158600
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFDFF172513), ref: 00007FFDFF1725A6
                                                                                                                                                                                                                  • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFDFF172513), ref: 00007FFDFF1725D8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000D.00000002.2058564118.00007FFDFF171000.00000020.00000001.01000000.00000024.sdmp, Offset: 00007FFDFF170000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ffdff170000_version-checker-won-x64.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object_$Track
                                                                                                                                                                                                                  • String ID: 3.2.0
                                                                                                                                                                                                                  • API String ID: 16854473-1786766648
                                                                                                                                                                                                                  • Opcode ID: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                                  • Instruction ID: bf081bcf8ef88716ad35641c61101ff5d72c16803c0db9bf631cf907f490a423
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBE0ED27F09B4691EB158F11F86446823A4FF2CB15B540235CDBD023A8EF7CE555CA40