Windows Analysis Report
main.exe

Overview

General Information

Sample name: main.exe
Analysis ID: 1567244
MD5: f4ef93954baa2e6d65d793b09f7bbf15
SHA1: c036619fb0c22fab76dcf05ce0ec9ac20aa3a142
SHA256: 5fc403ad66ec63b1333ee685b1379b7d7b4c325994c4806bba51490715b91553
Tags: exe user-smica83
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected AntiVM5
AI detected suspicious sample
Potentially malicious time measurement code found
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • main.exe (PID: 7528 cmdline: "C:\Users\user\Desktop\main.exe" MD5: F4EF93954BAA2E6D65D793B09F7BBF15)
    • main.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\main.exe" MD5: F4EF93954BAA2E6D65D793B09F7BBF15)
      • WMIC.exe (PID: 7676 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 7684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7748 cmdline: wmic baseboard get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 7756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7820 cmdline: wmic diskdrive get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7912 cmdline: wmic cpu get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7996 cmdline: wmic bios get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 8004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8096 cmdline: wmic baseboard get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
Process Memory Space: main.exe PID: 7644 | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 83.5% probability
        Source: main.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: main.exe, 00000002.00000002.2612011855.00007FF8E71D3000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: main.exe, 00000002.00000002.2612284512.00007FF8E72B0000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: main.exe, 00000000.00000003.1374921079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2616161422.00007FF8F8D83000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: main.exe, 00000000.00000003.1356719832.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615385618.00007FF8F6FA2000.00000002.00000001.01000000.00000018.sdmp, _uuid.pyd.0.dr
        Source: Binary string: cryptography_rust.pdbc source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1355289121.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615286226.00007FF8F5855000.00000002.00000001.01000000.0000001A.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: main.exe, 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1355380339.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615091777.00007FF8E858D000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: main.exe, 00000002.00000002.2613289194.00007FF8E774E000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: main.exe, 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: main.exe, 00000000.00000003.1356340609.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615910786.00007FF8F7EC3000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: main.exe, 00000002.00000002.2612011855.00007FF8E71D3000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: main.exe, 00000002.00000002.2615493961.00007FF8F709D000.00000002.00000001.01000000.0000000B.sdmp, _ssl.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1356056483.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615187596.00007FF8F0947000.00000002.00000001.01000000.0000000E.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2614978017.00007FF8E856C000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: params.pparams.qparams.gpub_keypriv_keyossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.4.0built on: Wed Nov 27 17:13:13 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058B92F0 FindFirstFileExW,FindClose,0_2_00007FF6058B92F0
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058D18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6058D18E4
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058B83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6058B83B0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058B92F0 FindFirstFileExW,FindClose,2_2_00007FF6058B92F0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058D18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6058D18E4
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C34B0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FF8E71C34B0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E7503229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8E7503229
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C5310 _PyArg_ParseTuple_SizeT,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FF8E71C5310
        Source: Joe Sandbox View IP Address: 185.199.109.133
        Source: Joe Sandbox View IP Address: 172.67.74.152
        Source: unknown DNS query: name: api.ipify.org
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic DNS traffic detected: DNS query: api.ipify.org
        Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
        Source: main.exe, 00000000.00000003.1364277395.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
        Source: main.exe, 00000000.00000003.1364277395.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
        Source: main.exe, 00000000.00000003.1356340609.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1363176369.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1364906894.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355380339.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355886067.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1365691592.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1364477852.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1374921079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355682079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356719832.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1375107478.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356416029.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356056483.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356544576.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD85281000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
        Source: main.exe, 00000002.00000002.2608461160.000001DD85281000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/l%
        Source: main.exe, 00000002.00000002.2608461160.000001DD85281000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/xe.
        Source: main.exe, 00000002.00000002.2609787648.000001DD87A4B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2610197396.000001DD87DFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://timgolden.me.uk/python/wmi.html
        Source: main.exe, 00000002.00000002.2609445930.000001DD87590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
        Source: main.exe, 00000002.00000003.1384806257.000001DD878AA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
        Source: main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
        Source: main.exe, 00000002.00000003.1379924468.000001DD8729D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380262931.000001DD872AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
        Source: main.exe, 00000000.00000003.1356340609.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1364906894.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1363176369.0000018AD80BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355380339.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355886067.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1365691592.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1364477852.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1374921079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1355682079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356719832.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1375107478.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356416029.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1364277395.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356056483.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1356544576.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
        Source: main.exe, 00000002.00000003.1383235235.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382311300.000001DD872F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/
        Source: main.exe, 00000002.00000003.1383235235.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382311300.000001DD872F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
        Source: main.exe, 00000002.00000003.1379924468.000001DD8729D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380262931.000001DD872AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
        Source: main.exe, 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609787648.000001DD87A4B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609787648.000001DD879A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
        Source: main.exe, 00000002.00000002.2609787648.000001DD87A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.phpFN
        Source: main.exe, 00000002.00000003.1379924468.000001DD8729D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380262931.000001DD872AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD8788B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
        Source: main.exe, 00000002.00000003.1385212929.000001DD8786D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD8785D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383033071.000001DD877ED000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383538128.000001DD877ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DAC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
        Source: main.exe, 00000002.00000002.2610787491.000001DD88828000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
        Source: main.exe, 00000002.00000003.1379980408.000001DD87210000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379420504.000001DD8722F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379475404.000001DD87230000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379446965.000001DD872BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380434928.000001DD87210000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379331114.000001DD872BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue42195.
        Source: main.exe, main.exe, 00000002.00000002.2612479197.00007FF8E730B000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
        Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
        Source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
        Source: main.exe, 00000002.00000002.2610031260.000001DD87B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1312837378573860934/nk3o6wNyPl2JkcQE4WwPlrirnhUuZKaf-U3_QuXN9mBjDxZ
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380328076.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379980408.000001DD8722E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
        Source: main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
        Source: main.exe, 00000002.00000002.2608842554.000001DD86D90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
        Source: main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
        Source: main.exe, 00000002.00000002.2608713762.000001DD86BD8000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
        Source: main.exe, 00000002.00000002.2608713762.000001DD86BD8000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
        Source: main.exe, 00000002.00000002.2608842554.000001DD86D90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
        Source: main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
        Source: main.exe, 00000002.00000002.2608842554.000001DD86D90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
        Source: main.exe, 00000002.00000003.1378612389.000001DD852D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378525055.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378420331.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
        Source: main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
        Source: main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
        Source: main.exe, 00000002.00000003.1378612389.000001DD852D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378525055.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378420331.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
        Source: main.exe, 00000002.00000002.2609787648.000001DD87A4B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2610197396.000001DD87DFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
        Source: main.exe, main.exe, 00000002.00000002.2612324056.00007FF8E72C1000.00000002.00000001.01000000.00000019.sdmp, main.exe, 00000002.00000002.2612051118.00007FF8E71E1000.00000002.00000001.01000000.0000001C.sdmp, main.exe, 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr, win32trace.pyd.0.dr, win32ui.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
        Source: main.exe, 00000002.00000002.2610031260.000001DD87B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
        Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
        Source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
        Source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
        Source: main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blo
        Source: main.exe, 00000002.00000002.2608713762.000001DD86BD8000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
        Source: main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
        Source: main.exe, 00000002.00000003.1378612389.000001DD852D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378525055.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378420331.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
        Source: main.exe, 00000002.00000003.1378612389.000001DD852D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378525055.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378420331.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
        Source: main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
        Source: main.exe, 00000002.00000003.1382631919.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
        Source: main.exe, 00000002.00000002.2609445930.000001DD87590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
        Source: main.exe, 00000002.00000002.2609445930.000001DD87590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290i.py
        Source: main.exe, 00000002.00000003.1384045200.000001DD8775D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383200544.000001DD87758000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
        Source: main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
        Source: main.exe, 00000002.00000003.1383235235.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD8734D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382631919.000001DD87336000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382311300.000001DD872F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
        Source: main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
        Source: main.exe, 00000002.00000002.2610031260.000001DD87B90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD87768000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385430982.000001DD87778000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385430982.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384806257.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384806257.000001DD87767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
        Source: main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
        Source: main.exe, 00000002.00000002.2609957632.000001DD87A90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
        Source: main.exe, 00000002.00000003.1383538128.000001DD877B6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385430982.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384806257.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383538128.000001DD87811000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
        Source: main.exe, 00000002.00000002.2609293323.000001DD87390000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
        Source: main.exe, 00000002.00000002.2609066499.000001DD87090000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
        Source: main.exe, 00000002.00000002.2613695241.00007FF8E7BCB000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txtpit
        Source: main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Manufacturer_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/CPU_Serial_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/DiskDrive_Serial_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/HwProfileGuid_List.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt
        Source: main.exe, 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2610787491.000001DD88750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt
        Source: main.exe, 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt
        Source: main.exe, 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_platforms.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt
        Source: main.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txtC:
        Source: main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
        Source: main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2610105068.000001DD87C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
        Source: main.exe, 00000002.00000002.2609787648.000001DD87A4B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2610197396.000001DD87DFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
        Source: main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
        Source: main.exe, 00000002.00000003.1384045200.000001DD8775D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383200544.000001DD87758000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
        Source: main.exe, 00000002.00000003.1381701877.000001DD872D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609445930.000001DD87590000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
        Source: main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
        Source: main.exe, 00000000.00000003.1359034358.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
        Source: main.exe, 00000000.00000003.1358964557.0000018AD80BF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1359034358.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1359144002.0000018AD80BF000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
        Source: main.exe, 00000000.00000003.1364277395.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
        Source: main.exe, 00000000.00000003.1364477852.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2613465618.00007FF8E7846000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
        Source: main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
        Source: main.exe, 00000002.00000003.1383538128.000001DD877B6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385430982.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384806257.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383538128.000001DD87811000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
        Source: main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378365609.000001DD86FF9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378322514.000001DD87012000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
        Source: main.exe, 00000002.00000002.2613899840.00007FF8E7C68000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
        Source: main.exe, 00000002.00000003.1382631919.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
        Source: main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
        Source: main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C4EB0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C5800 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C58A0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E751D2602_2_00007FF8E751D260
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E76B92102_2_00007FF8E76B9210
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75252002_2_00007FF8E7525200
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75053A82_2_00007FF8E75053A8
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75042872_2_00007FF8E7504287
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75044C62_2_00007FF8E75044C6
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75068C52_2_00007FF8E75068C5
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E7505BF02_2_00007FF8E7505BF0
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E7501B312_2_00007FF8E7501B31
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E75057D12_2_00007FF8E75057D1
        Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: python3.dll.0.dr Static PE information: No import functions for PE file found
        Source: main.exe, 00000000.00000003.1356340609.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1375810471.0000018AD80BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1364906894.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs main.exe
        Source: main.exe, 00000000.00000003.1355380339.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1375810471.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1355138989.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
        Source: main.exe, 00000000.00000003.1355886067.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1374708982.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs main.exe
        Source: main.exe, 00000000.00000003.1375475630.0000018AD80BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1375639532.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1371399006.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs main.exe
        Source: main.exe, 00000000.00000003.1354806026.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs main.exe
        Source: main.exe, 00000000.00000002.2608400458.0000018AD80BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1355289121.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
        Source: main.exe, 00000000.00000003.1364477852.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs main.exe
        Source: main.exe, 00000000.00000003.1374921079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1355682079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1356719832.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1375107478.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1356416029.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1375527012.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs main.exe
        Source: main.exe, 00000000.00000003.1356056483.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
        Source: main.exe, 00000000.00000003.1356544576.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs main.exe
        Source: main.exeBinary or memory string: OriginalFilename vs main.exe
        Source: main.exe, 00000002.00000002.2612324056.00007FF8E72C1000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs main.exe
        Source: main.exe, 00000002.00000002.2614810879.00007FF8E7E06000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs main.exe
        Source: main.exe, 00000002.00000002.2615324884.00007FF8F5859000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
        Source: main.exe, 00000002.00000002.2613465618.00007FF8E7846000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs main.exe
        Source: main.exe, 00000002.00000002.2615671977.00007FF8F70D2000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2615129265.00007FF8E8592000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamelibsslH vs main.exe
        Source: main.exe, 00000002.00000002.2612770438.00007FF8E7445000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2616095586.00007FF8F8B97000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
        Source: main.exe, 00000002.00000002.2612051118.00007FF8E71E1000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs main.exe
        Source: main.exe, 00000002.00000002.2615574611.00007FF8F70B5000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2616203857.00007FF8F8D86000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2615034445.00007FF8E8575000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2615431940.00007FF8F6FA4000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2615848377.00007FF8F7AAB000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2608441109.000001DD851D0000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs main.exe
        Source: main.exe, 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs main.exe
        Source: main.exe, 00000002.00000002.2615225906.00007FF8F094E000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
        Source: main.exe, 00000002.00000002.2615958474.00007FF8F7EC6000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs main.exe
        Source: classification engine Classification label: mal64.evad.winEXE@21/41@2/2
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E71C3890 _PyArg_ParseTuple_SizeT,GetLastError,?PyWin_GetErrorMessageModule@@YAPEAUHINSTANCE__@@K@Z,FormatMessageW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,PyErr_Clear,_PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z,malloc,PyErr_NoMemory,memset,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,FormatMessageW,PyEval_RestoreThread,PyExc_SystemError,PyErr_SetString,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,free,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,LocalFree,_Py_Dealloc,2_2_00007FF8E71C3890
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E71C4C40 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_BuildValue_SizeT,2_2_00007FF8E71C4C40
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E71CD0B0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,PyList_New,EnumResourceLanguagesW,_Py_Dealloc,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,2_2_00007FF8E71CD0B0
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8004:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7756:120:WilError_03
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282
        Source: main.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM WIN32_PROCESSOR
        Source: C:\Users\user\Desktop\main.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\main.exe File read: C:\Users\user\Desktop\main.exe
        Source: unknown Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get manufacturer
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic cpu get serialnumber
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get serialnumber
        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\main.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: libffi-8.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: libcrypto-1_1.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: libssl-1_1.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: pdh.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: wtsapi32.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140_1.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: secur32.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: wbemcomn.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: amsi.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: sxs.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\main.exe Section loaded: wintypes.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
        Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
        Source: C:\Users\user\Desktop\main.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: main.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: main.exe Static file information: File size 15088132 > 1048576
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: main.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: main.exe, 00000002.00000002.2612011855.00007FF8E71D3000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: main.exe, 00000002.00000002.2612284512.00007FF8E72B0000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: main.exe, 00000000.00000003.1374921079.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2616161422.00007FF8F8D83000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: main.exe, 00000000.00000003.1356719832.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615385618.00007FF8F6FA2000.00000002.00000001.01000000.00000018.sdmp, _uuid.pyd.0.dr
        Source: Binary string: cryptography_rust.pdbc source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1355289121.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615286226.00007FF8F5855000.00000002.00000001.01000000.0000001A.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: main.exe, 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1355380339.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615091777.00007FF8E858D000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: main.exe, 00000002.00000002.2613289194.00007FF8E774E000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: main.exe, 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: main.exe, 00000000.00000003.1356340609.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615910786.00007FF8F7EC3000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: main.exe, 00000002.00000002.2612011855.00007FF8E71D3000.00000002.00000001.01000000.0000001C.sdmp, win32api.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: main.exe, 00000002.00000002.2615493961.00007FF8F709D000.00000002.00000001.01000000.0000000B.sdmp, _ssl.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1356056483.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615187596.00007FF8F0947000.00000002.00000001.01000000.0000000E.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2614978017.00007FF8E856C000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: params.pparams.qparams.gpub_keypriv_keyossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.4.0built on: Wed Nov 27 17:13:13 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1356171887.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2614978017.00007FF8E856C000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: main.exe, 00000002.00000002.2615808546.00007FF8F7AA0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdb source: win32ui.pyd.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: main.exe, 00000000.00000003.1375527012.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: main.exe, 00000000.00000003.1375810471.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
        Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: main.exe, 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: main.exe, 00000000.00000003.1364906894.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608441109.000001DD851D0000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: main.exe, 00000000.00000003.1356416029.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2615632747.00007FF8F70C8000.00000002.00000001.01000000.00000009.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1355138989.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2616049913.00007FF8F8B91000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: main.exe, 00000002.00000002.2612284512.00007FF8E72B0000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: main.exe, 00000000.00000003.1375107478.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2612574313.00007FF8E7440000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: cryptography_rust.pdb source: main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: main.exe, 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\python311.pdb source: main.exe, 00000002.00000002.2613695241.00007FF8E7BCB000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: main.exe, 00000002.00000002.2613289194.00007FF8E774E000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: main.exe, 00000002.00000002.2613289194.00007FF8E77D0000.00000002.00000001.01000000.0000000C.sdmp
        Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: VCRUNTIME140.dll.0.dr Static PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E71CED20 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00007FF8E71CED20
        Source: mfc140u.dll.0.dr Static PE information: section name: .didat
        Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
        Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
        Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
        Source: python311.dll.0.dr Static PE information: section name: PyRuntim
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_ssl.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\psutil\_psutil_windows.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pythoncom311.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\libffi-8.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pywintypes311.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\_win32sysloader.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\libcrypto-1_1.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32api.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat\bindings\_rust.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_cffi_backend.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\VCRUNTIME140_1.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\libssl-1_1.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32trace.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_socket.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\python311.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_uuid.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\win32ui.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\VCRUNTIME140.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_queue.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\mfc140u.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_ctypes.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_bz2.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\select.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_hashlib.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\python3.dll
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_decimal.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\_lzma.pyd
        Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75282\unicodedata.pyd
        Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00007FF6058B76B0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6058B76B0
        Source: C:\Users\user\Desktop\main.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Yara match File source: 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: main.exe PID: 7644, type: MEMORYSTR
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM Win32_DiskDrive
        Source: C:\Users\user\Desktop\main.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E750572C rdtsc 2_2_00007FF8E750572C
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_ssl.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\psutil\_psutil_windows.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pythoncom311.dll
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pywintypes311.dll
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\_win32sysloader.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32api.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat\bindings\_rust.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_cffi_backend.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32trace.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_socket.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\python311.dll
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_uuid.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\win32ui.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\mfc140u.dll
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_queue.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_ctypes.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_bz2.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\select.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_hashlib.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\python3.dll
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_decimal.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\_lzma.pyd
        Source: C:\Users\user\Desktop\main.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75282\unicodedata.pyd
        Source: C:\Users\user\Desktop\main.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17723
        Source: C:\Users\user\Desktop\main.exe API coverage: 3.4 %
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_BaseBoard
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
        Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM WIN32_PROCESSOR
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058B92F0 FindFirstFileExW,FindClose,0_2_00007FF6058B92F0
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058D18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6058D18E4
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058B83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6058B83B0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058B92F0 FindFirstFileExW,FindClose,2_2_00007FF6058B92F0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058D18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6058D18E4
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C34B0 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FF8E71C34B0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E7503229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8E7503229
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C5310 _PyArg_ParseTuple_SizeT,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FF8E71C5310
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C6350 _PyArg_ParseTuple_SizeT,GetSystemInfo,PyLong_FromUnsignedLongLong,?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z,?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z,_Py_BuildValue_SizeT,2_2_00007FF8E71C6350
        Source: main.exe, 00000000.00000003.1357712073.0000018AD80B1000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
        Source: main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380328076.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1379980408.000001DD8722E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWame %SystemRoot%\system32\mswsock.dllort number
        Source: main.exe, 00000002.00000002.2611934270.00007FF8E6AEF000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: vmCimC
        Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
        Source: C:\Windows\System32\wbem\WMIC.exe Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E750572C 2_2_00007FF8E750572C
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E7504241 2_2_00007FF8E7504241
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E750572C rdtsc 2_2_00007FF8E750572C
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058CA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6058CA684
        Source: C:\Users\user\Desktop\main.exeCode function: 2_2_00007FF8E71CED20 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00007FF8E71CED20
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058D34F0 GetProcessHeap,0_2_00007FF6058D34F0
        Source: C:\Users\user\Desktop\main.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058BC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6058BC910
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058BD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6058BD19C
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058BD37C SetUnhandledExceptionFilter,0_2_00007FF6058BD37C
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058CA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6058CA684
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF6058BC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6058BC910
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71D17E8 SetUnhandledExceptionFilter,2_2_00007FF8E71D17E8
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71D1600 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E71D1600
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71D09FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E71D09FC
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71CD9C0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FF8E71CD9C0
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71CDA60 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FF8E71CDA60
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get manufacturer
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic cpu get serialnumber
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
        Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get serialnumber
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058D95E0 cpuid 0_2_00007FF6058D95E0
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\certifi VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography-44.0.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography-44.0.0.dist-info\licenses VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32 VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\win32 VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282 VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_ctypes.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\libcrypto-1_1.dll VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\libffi-8.dll VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_uuid.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\select.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_ssl.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_hashlib.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_queue.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\win32 VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32 VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_bz2.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_lzma.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\unicodedata.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\certifi VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\certifi\cacert.pem VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat\bindings VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat\bindings\_rust.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\_cffi_backend.cp311-win_amd64.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\psutil VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\psutil\_psutil_windows.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32api.pyd VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.11\__init__.py VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.11\dicts.dat VolumeInformation
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058BD080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6058BD080
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C4140 _PyArg_ParseTuple_SizeT,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,2_2_00007FF8E71C4140
        Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6058D5C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6058D5C70
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E71C7760 _PyArg_ParseTuple_SizeT,GetVersion,_Py_BuildValue_SizeT,2_2_00007FF8E71C7760
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E7202F50 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,_Py_BuildValue_SizeT,2_2_00007FF8E7202F50
        Source: C:\Users\user\Desktop\main.exe Code function: 2_2_00007FF8E7502B5D bind,WSAGetLastError,2_2_00007FF8E7502B5D
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 22 Virtualization/Sandbox Evasion | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 251 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 22 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 146 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        [Behavior graph. Behavior Graph ID: 1567244, Sample: main.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 64. Nodes: main.exe (drops PE32+ .pyd files and 27 other files, none is malicious); child main.exe contacting raw.githubusercontent.com (185.199.109.133, port 443, FASTLYUS, Netherlands) and api.ipify.org (172.67.74.152, port 443, CLOUDFLARENETUS, United States); WMIC.exe child processes, each with a conhost.exe.]

        Source | Detection | Scanner | Label | Link
        main.exe | 11% | ReversingLabs | Win64.Malware.Generic
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\mfc140u.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\win32ui.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\VCRUNTIME140.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\VCRUNTIME140_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_bz2.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_cffi_backend.cp311-win_amd64.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_ctypes.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_decimal.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_hashlib.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_lzma.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_queue.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_socket.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_ssl.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\_uuid.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md.cp311-win_amd64.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\libcrypto-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\libffi-8.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\libssl-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\psutil\_psutil_windows.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\python3.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\python311.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pythoncom311.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\pywin32_system32\pywintypes311.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\select.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\unicodedata.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\win32\_win32sysloader.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32api.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\_MEI75282\win32\win32trace.pyd | 0% | ReversingLabs
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        raw.githubusercontent.com | 185.199.109.133 | true | false | | high
        api.ipify.org | 172.67.74.152 | true | false | | high
        s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                            high
                                                                                                                            http://www.cert.fnmt.es/dpcs/main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://google.com/mailmain.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://packaging.python.org/specifications/entry-points/main.exe, 00000002.00000002.2609293323.000001DD87390000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.accv.es00main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pymain.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmmain.exe, 00000002.00000003.1379924468.000001DD8729D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380262931.000001DD872AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://readthedocs.org/projects/cryptography/badge/?version=latestmain.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://foss.heptapod.net/pypy/pypy/-/issues/3539main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.main.exe, 00000002.00000003.1382631919.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/HwProfileGuid_List.txtmain.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://google.com/main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383235235.000001DD872B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383726623.000001DD872B1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382410367.000001DD872B8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://mahler:8092/site-updates.pymain.exe, 00000002.00000003.1383538128.000001DD877B6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385430982.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384806257.000001DD877FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383538128.000001DD87811000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crl.securetrust.com/SGCA.crlmain.exe, 00000002.00000002.2608461160.000001DD85281000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://.../back.jpegmain.exe, 00000002.00000002.2610031260.000001DD87B90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD87865000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/pyca/cryptographymain.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://github.com/python/cpython/blomain.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.python.org/download/releases/2.3/mro/.main.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378365609.000001DD86FF9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378322514.000001DD87012000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://httpbin.org/postmain.exe, 00000002.00000002.2608957238.000001DD86F90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcemain.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://github.com/pyca/cryptography/main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://github.com/Ousret/charset_normalizermain.exe, 00000002.00000002.2609519585.000001DD876F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.firmaprofesional.com/cps0main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specmain.exe, 00000002.00000002.2608842554.000001DD86D90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2920main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://crl.securetrust.com/SGCA.crl0main.exe, 00000002.00000003.1385430982.000001DD877B5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datamain.exe, 00000002.00000003.1378612389.000001DD852D1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377128719.000001DD852F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378525055.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1377099786.000001DD86F91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1378420331.000001DD852E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2608461160.000001DD852B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://yahoo.com/main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://crl.securetrust.com/STCA.crl0main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://crl.dhimyotis.com/certignarootca.crluAvmain.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txtmain.exe, 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://api.ipify.orgmain.exe, 00000002.00000002.2610197396.000001DD87DAC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6main.exe, 00000002.00000003.1383235235.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382311300.000001DD872F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://html.spec.whatwg.org/multipage/main.exe, 00000002.00000003.1383235235.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD8722E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD872F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD872F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD8734D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1384689212.000001DD872F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382631919.000001DD87336000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1382311300.000001DD872F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://www.quovadisglobal.com/cps0main.exe, 00000002.00000003.1385212929.000001DD8786D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD8785D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlmain.exe, 00000002.00000003.1384806257.000001DD878AA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsmain.exe, 00000002.00000002.2609370831.000001DD87490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0main.exe, 00000002.00000002.2609519585.000001DD8788B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1385212929.000001DD878BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://cryptography.io/en/latest/changelog/main.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.rfc-editor.org/rfc/rfc8259#section-8.1main.exe, 00000002.00000003.1382631919.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1381455786.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2609142807.000001DD87190000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383435701.000001DD87369000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1383884724.000001DD87369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://github.com/pyca/cryptography/issues/9253main.exe, 00000002.00000002.2611662090.00007FF8E6917000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Manufacturer_List.txtmain.exe, 00000002.00000002.2608713762.000001DD86B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://www.iana.org/time-zones/repository/tz-link.htmlmain.exe, 00000002.00000003.1379924468.000001DD8729D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1380262931.000001DD872AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://mail.python.org/mailman/listinfo/cryptography-devmain.exe, 00000000.00000003.1358414820.0000018AD80B4000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
185.199.109.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1567244
Start date and time:2024-12-03 10:27:11 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:19
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:main.exe
Detection:MAL
Classification:mal64.evad.winEXE@21/41@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 71%
• Number of executed functions: 78
• Number of non-executed functions: 240
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: main.exe
Time | Type | Description
04:28:10 | API Interceptor | 6x Sleep call for process: WMIC.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                      • 172.67.74.152
                                                                                                                                                                                                                      https://apnasofa.com/episode/index#YmVuQG1pY3Jvc29mdC5jb20==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.26.13.205
                                                                                                                                                                                                                      Employee_Important_Message.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.26.12.205
                                                                                                                                                                                                                      l6F8Xgr0Ov.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                      • 104.26.12.205
                                                                                                                                                                                                                      SPlVyHiGOz.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                                                                                                      • 172.67.74.152
                                                                                                                                                                                                                      55qIbHIAZi.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                                                                                                      • 172.67.74.152
                                                                                                                                                                                                                      tEEa6j67ss.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                      • 104.26.13.205
                                                                                                                                                                                                                      ship's particulars-TBN.pdf.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                      • 172.67.74.152
                                                                                                                                                                                                                      HBL BLJ2T2411809005 & DAJKT2411000812.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                      • 104.26.13.205
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI75282\Pythonwin\mfc140u.dll
• zapret.exe, Detection: malicious, Threat Name: Unknown
• Payload.exe, Detection: malicious, Threat Name: Python Stealer, BLX Stealer, XLABB Grabber
• Payload.exe, Detection: malicious, Threat Name: Python Stealer, BLX Stealer, XLABB Grabber
• SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious, Threat Name: Python Stealer, BLX Stealer, XLABB Grabber
• SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious, Threat Name: Python Stealer, BLX Stealer, XLABB Grabber
• SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious, Threat Name: Unknown
• SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious, Threat Name: Unknown
• oconsole.exe, Detection: malicious, Threat Name: Unknown
• oconsole.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5653536
                                                                                                                                                                                                                                        Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                        MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                        SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                        SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                        SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Joe Sandbox View:
• Filename: zapret.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: oconsole.exe, Detection: malicious
• Filename: oconsole.exe, Detection: malicious
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1143296
                                                                                                                                                                                                                                        Entropy (8bit):6.0410832425584795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
                                                                                                                                                                                                                                        MD5:F0116137D0674482247D056642DC06BF
                                                                                                                                                                                                                                        SHA1:5BB63FCF5E569D94B61383D1921F758BCC48EF81
                                                                                                                                                                                                                                        SHA-256:8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
                                                                                                                                                                                                                                        SHA-512:A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):98736
                                                                                                                                                                                                                                        Entropy (8bit):6.474996871326343
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                                                        MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                                                        SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                                                        SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                                                        SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38304
                                                                                                                                                                                                                                        Entropy (8bit):6.3923853431578035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
                                                                                                                                                                                                                                        MD5:75E78E4BF561031D39F86143753400FF
                                                                                                                                                                                                                                        SHA1:324C2A99E39F8992459495182677E91656A05206
                                                                                                                                                                                                                                        SHA-256:1758085A61527B427C4380F0C976D29A8BEE889F2AC480C356A3F166433BF70E
                                                                                                                                                                                                                                        SHA-512:CE4DAF46BCE44A89D21308C63E2DE8B757A23BE2630360209C4A25EB13F1F66A04FBB0A124761A33BBF34496F2F2A02B8DF159B4B62F1B6241E1DBFB0E5D9756
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83328
                                                                                                                                                                                                                                        Entropy (8bit):6.532254531979707
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:douLz7p5Tcayt0KpkKWVa5cNRT8+smUxJIDtVH7SyD8Px:2uLz9meVamQ+sLxJIDtVHVsx
                                                                                                                                                                                                                                        MD5:4101128E19134A4733028CFAAFC2F3BB
                                                                                                                                                                                                                                        SHA1:66C18B0406201C3CFBBA6E239AB9EE3DBB3BE07D
                                                                                                                                                                                                                                        SHA-256:5843872D5E2B08F138A71FE9BA94813AFEE59C8B48166D4A8EB0F606107A7E80
                                                                                                                                                                                                                                        SHA-512:4F2FC415026D7FD71C5018BC2FFDF37A5B835A417B9E5017261849E36D65375715BAE148CE8F9649F9D807A63AC09D0FB270E4ABAE83DFA371D129953A5422CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):178176
                                                                                                                                                                                                                                        Entropy (8bit):6.165902427203749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:87aw5iwiVHprp0+/aSdXUONX9dAXS7qkSTLkKh23/qZl:87kBVHplaSdRj4LkSTLLhW/q
                                                                                                                                                                                                                                        MD5:739D352BD982ED3957D376A9237C9248
                                                                                                                                                                                                                                        SHA1:961CF42F0C1BB9D29D2F1985F68250DE9D83894D
                                                                                                                                                                                                                                        SHA-256:9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
                                                                                                                                                                                                                                        SHA-512:585A5143519ED9B38BB53F912CEA60C87F7CE8BA159A1011CF666F390C2E3CC149E0AC601B008E039A0A78EAF876D7A3F64FFF612F5DE04C822C6E214BC2EFDE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123768
                                                                                                                                                                                                                                        Entropy (8bit):6.017133084000375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:QC7Pgg3AwEWwSQJKoPfLSHcn0YJwyncXf9IDQPj6Exv:Qz5IX8jPfLSMJwykfoy
                                                                                                                                                                                                                                        MD5:6A9CA97C039D9BBB7ABF40B53C851198
                                                                                                                                                                                                                                        SHA1:01BCBD134A76CCD4F3BADB5F4056ABEDCFF60734
                                                                                                                                                                                                                                        SHA-256:E662D2B35BB48C5F3432BDE79C0D20313238AF800968BA0FAA6EA7E7E5EF4535
                                                                                                                                                                                                                                        SHA-512:DEDF7F98AFC0A94A248F12E4C4CA01B412DA45B926DA3F9C4CBC1D2CBB98C8899F43F5884B1BF1F0B941EDAEEF65612EA17438E67745962FF13761300910960D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):251768
                                                                                                                                                                                                                                        Entropy (8bit):6.543870948107038
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:3JhhPXoWcz5HvcQpq9Sr9pmHboiYE9qWM53pLW1AmXYWtmVS9G:fNXoWcznq9Sr9pyKFh6eS9G
                                                                                                                                                                                                                                        MD5:D47E6ACF09EAD5774D5B471AB3AB96FF
                                                                                                                                                                                                                                        SHA1:64CE9B5D5F07395935DF95D4A0F06760319224A2
                                                                                                                                                                                                                                        SHA-256:D0DF57988A74ACD50B2D261E8B5F2C25DA7B940EC2AAFBEE444C277552421E6E
                                                                                                                                                                                                                                        SHA-512:52E132CE94F21FA253FED4CF1F67E8D4423D8C30224F961296EE9F64E2C9F4F7064D4C8405CD3BB67D3CF880FE4C21AB202FA8CF677E3B4DAD1BE6929DBDA4E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):63872
                                                                                                                                                                                                                                        Entropy (8bit):6.166853300594844
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:18njpHxGkYjEEEJkn8cw6ThID5IJt7SyiPx:GnjpHxRJ8w6ThID5IJtEx
                                                                                                                                                                                                                                        MD5:DE4D104EA13B70C093B07219D2EFF6CB
                                                                                                                                                                                                                                        SHA1:83DAF591C049F977879E5114C5FEA9BBBFA0AD7B
                                                                                                                                                                                                                                        SHA-256:39BC615842A176DB72D4E0558F3CDCAE23AB0623AD132F815D21DCFBFD4B110E
                                                                                                                                                                                                                                        SHA-512:567F703C2E45F13C6107D767597DBA762DC5CAA86024C87E7B28DF2D6C77CD06D3F1F97EED45E6EF127D5346679FEA89AC4DC2C453CE366B6233C0FA68D82692
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):158080
                                                                                                                                                                                                                                        Entropy (8bit):6.835761878596918
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5mGf4k8d79MwyHiRr7tznf49mNoaGjQJplJIDe10Yhx:5Pf4FhMwyMAYOao6P
                                                                                                                                                                                                                                        MD5:337B0E65A856568778E25660F77BC80A
                                                                                                                                                                                                                                        SHA1:4D9E921FEAEE5FA70181EBA99054FFA7B6C9BB3F
                                                                                                                                                                                                                                        SHA-256:613DE58E4A9A80EFF8F8BC45C350A6EAEBF89F85FFD2D7E3B0B266BF0888A60A
                                                                                                                                                                                                                                        SHA-512:19E6DA02D9D25CCEF06C843B9F429E6B598667270631FEBE99A0D12FC12D5DA4FB242973A8351D3BF169F60D2E17FE821AD692038C793CE69DFB66A42211398E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31104
                                                                                                                                                                                                                                        Entropy (8bit):6.35436407327013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cQuCvO+MZFryl9SDCg6rXv5mkWsnTBq9ID7UJIYiSy1pCQYIPxh8E9VF0Nyb9:cl+yFp6rXRmk5s9ID7UeYiSyv7PxWER
                                                                                                                                                                                                                                        MD5:FF8300999335C939FCCE94F2E7F039C0
                                                                                                                                                                                                                                        SHA1:4FF3A7A9D9CA005B5659B55D8CD064D2EB708B1A
                                                                                                                                                                                                                                        SHA-256:2F71046891BA279B00B70EB031FE90B379DBE84559CF49CE5D1297EA6BF47A78
                                                                                                                                                                                                                                        SHA-512:F29B1FD6F52130D69C8BD21A72A71841BF67D54B216FEBCD4E526E81B499B9B48831BB7CDFF0BFF6878AAB542CA05D6326B8A293F2FB4DD95058461C0FD14017
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):78200
                                                                                                                                                                                                                                        Entropy (8bit):6.239347454910878
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:HJlcAdpEVuju9/s+S+pJGQRivVia3i9IDQw17Sy+Px3sxi:H7ce+uju9/sT+pJGdvVp3i9IDQw1kxZ
                                                                                                                                                                                                                                        MD5:8140BDC5803A4893509F0E39B67158CE
                                                                                                                                                                                                                                        SHA1:653CC1C82BA6240B0186623724AEC3287E9BC232
                                                                                                                                                                                                                                        SHA-256:39715EF8D043354F0AB15F62878530A38518FB6192BC48DA6A098498E8D35769
                                                                                                                                                                                                                                        SHA-512:D0878FEE92E555B15E9F01CE39CFDC3D6122B41CE00EC3A4A7F0F661619F83EC520DCA41E35A1E15650FB34AD238974FE8019577C42CA460DDE76E3891B0E826
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):159616
                                                                                                                                                                                                                                        Entropy (8bit):5.9948013841482926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qFrIQQey4VWR98w/PQQcXo8uOVrGxn+SQOXLkd1ItS+Q8YuAfxJIDt75EHx:eEeRV29//4QcJuOynyvxX
                                                                                                                                                                                                                                        MD5:069BCCC9F31F57616E88C92650589BDD
                                                                                                                                                                                                                                        SHA1:050FC5CCD92AF4FBB3047BE40202D062F9958E57
                                                                                                                                                                                                                                        SHA-256:CB42E8598E3FA53EEEBF63F2AF1730B9EC64614BDA276AB2CD1F1C196B3D7E32
                                                                                                                                                                                                                                        SHA-512:0E5513FBE42987C658DBA13DA737C547FF0B8006AECF538C2F5CF731C54DE83E26889BE62E5C8A10D2C91D5ADA4D64015B640DAB13130039A5A8A5AB33A723DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23936
                                                                                                                                                                                                                                        Entropy (8bit):6.530276573558295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MPfwFpEW56TfQJIDew63IYiSy1pCQIJPxh8E9VF0NyYk:MPqpEbjQJIDew1YiSyvWPxWEW
                                                                                                                                                                                                                                        MD5:9A4957BDC2A783ED4BA681CBA2C99C5C
                                                                                                                                                                                                                                        SHA1:F73D33677F5C61DEB8A736E8DDE14E1924E0B0DC
                                                                                                                                                                                                                                        SHA-256:F7F57807C15C21C5AA9818EDF3993D0B94AEF8AF5808E1AD86A98637FC499D44
                                                                                                                                                                                                                                        SHA-512:027BDCB5B3E0CA911EE3C94C42DA7309EA381B4C8EC27CF9A04090FFF871DB3CF9B7B659FDBCFFF8887A058CB9B092B92D7D11F4F934A53BE81C29EF8895AC2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1439447
                                                                                                                                                                                                                                        Entropy (8bit):5.586381782332628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:6QRqL5TPAxNWlUKdcubgAnj90HtAWfh2dYMbPRMZdf9:6QRqL2xNbrp
                                                                                                                                                                                                                                        MD5:2A138E2EE499D3BA2FC4AFAEF93B7CAA
                                                                                                                                                                                                                                        SHA1:508C733341845E94FCE7C24B901FC683108DF2A8
                                                                                                                                                                                                                                        SHA-256:130E506EAD01B91B60D6D56072C468AEB5457DD0F2ECD6CE17DFCBB7D51A1F8C
                                                                                                                                                                                                                                        SHA-512:1F61A0FDA5676E8ED8D10DFEE78267F6D785F9C131F5CAF2DD984E18CA9E5866B7658AB7EDB2FFD74920A40FFEA5CD55C0419F5E9EE57A043105E729E10D820B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):299427
                                                                                                                                                                                                                                        Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                        MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                        SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                        SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                        SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.8208567868970675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Y0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFuCQAAZWQcX6g8H4a81:gFCk2z1/t12iwU5usJFKCyHcqgg
                                                                                                                                                                                                                                        MD5:CBF62E25E6E036D3AB1946DBAFF114C1
                                                                                                                                                                                                                                        SHA1:B35F91EAF4627311B56707EF12E05D6D435A4248
                                                                                                                                                                                                                                        SHA-256:06032E64E1561251EA3035112785F43945B1E959A9BF586C35C9EA1C59585C37
                                                                                                                                                                                                                                        SHA-512:04B694D0AE99D5786FA19F03C5B4DD8124C4F9144CFE7CA250B48A3C0DE0883E06A6319351AE93EA95B55BBBFA69525A91E9407478E40AD62951F1D63D45FF18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):121344
                                                                                                                                                                                                                                        Entropy (8bit):5.899699901799497
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:3Ives1m094QtwqlaZTwuQMS/Pf+vGTVmEU:3PsQIJmE
                                                                                                                                                                                                                                        MD5:BAC273806F46CFFB94A84D7B4CED6027
                                                                                                                                                                                                                                        SHA1:773FBC0435196C8123EE89B0A2FC4D44241FF063
                                                                                                                                                                                                                                        SHA-256:1D9ABA3FF1156EA1FBE10B8AA201D4565AE6022DAF2117390D1D8197B80BB70B
                                                                                                                                                                                                                                        SHA-512:EAEC1F072C2C0BC439AC7B4E3AEA6E75C07BD4CD2D653BE8500BBFFE371FBFE045227DAEAD653C162D972CCAADFF18AC7DA4D366D1200618B0291D76E18B125C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Mn:M
                                                                                                                                                                                                                                        MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                        SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                        SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                        SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:pip.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5724
                                                                                                                                                                                                                                        Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                                        MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                                        SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                                        SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                                        SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16380
                                                                                                                                                                                                                                        Entropy (8bit):5.587607398047088
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:hXr1GL/l45jEVeKUZVhXau4WJU6F6Gotqw+Iq+NX6ih5VfUqb8q:hXOlMEVdcaiJU6F6Gotqw+/+96ih18q
                                                                                                                                                                                                                                        MD5:09AF09857B22A20B1237C76423D111A3
                                                                                                                                                                                                                                        SHA1:0FA4BECCCB7DE4B5F56A5A2E84D8751A089B136E
                                                                                                                                                                                                                                        SHA-256:18508C295D7D68317791CAB2DBFBFF1B79C19B1812A83C7A15A01FC8263D5249
                                                                                                                                                                                                                                        SHA-512:D0D0C5F728E4F7BD136465722AF8CEAAA83A7F70AA779C90F80EF7B5DDA837E58C8DD1740B8CA5CB27E84E37B9B9FDAA63C2242E8EA60D21EE2EA814F846211A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):94
                                                                                                                                                                                                                                        Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                                        MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                                        SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                                        SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                                        SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                                                        Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                        MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                        SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                        SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                        SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11360
                                                                                                                                                                                                                                        Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                        MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                        SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                        SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                        SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1532
                                                                                                                                                                                                                                        Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                        MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                        SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                        SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                        SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8292864
                                                                                                                                                                                                                                        Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                                                        MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                                                        SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                                                        SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                                                        SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3441504
                                                                                                                                                                                                                                        Entropy (8bit):6.097985120800337
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
                                                                                                                                                                                                                                        MD5:6F4B8EB45A965372156086201207C81F
                                                                                                                                                                                                                                        SHA1:8278F9539463F0A45009287F0516098CB7A15406
                                                                                                                                                                                                                                        SHA-256:976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
                                                                                                                                                                                                                                        SHA-512:2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35064
                                                                                                                                                                                                                                        Entropy (8bit):6.362215445656998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SB8J4ihYfwYiXGPc9orPji8i4DDQWvGaRQsTeCXS/Fzc7jsFruRXYV1ZE9DRCXjQ:rGHs4vpegQsTT0uj82S7Fp2DG4yshH
                                                                                                                                                                                                                                        MD5:32D36D2B0719DB2B739AF803C5E1C2F5
                                                                                                                                                                                                                                        SHA1:023C4F1159A2A05420F68DAF939B9AC2B04AB082
                                                                                                                                                                                                                                        SHA-256:128A583E821E52B595EB4B3DDA17697D3CA456EE72945F7ECCE48EDEDAD0E93C
                                                                                                                                                                                                                                        SHA-512:A0A68CFC2F96CB1AFD29DB185C940E9838B6D097D2591B0A2E66830DD500E8B9538D170125A00EE8C22B8251181B73518B73DE94BEEEDD421D3E888564A111C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):702816
                                                                                                                                                                                                                                        Entropy (8bit):5.547832370836076
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
                                                                                                                                                                                                                                        MD5:8769ADAFCA3A6FC6EF26F01FD31AFA84
                                                                                                                                                                                                                                        SHA1:38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
                                                                                                                                                                                                                                        SHA-256:2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
                                                                                                                                                                                                                                        SHA-512:FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                        MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                        SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                        SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                        SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65920
                                                                                                                                                                                                                                        Entropy (8bit):6.085964919090515
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Apw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJU:V/5k8cnzeJH9IDQ0K7SyOPx
                                                                                                                                                                                                                                        MD5:34E49BB1DFDDF6037F0001D9AEFE7D61
                                                                                                                                                                                                                                        SHA1:A25A39DCA11CDC195C9ECD49E95657A3E4FE3215
                                                                                                                                                                                                                                        SHA-256:4055D1B9E553B78C244143AB6B48151604003B39A9BF54879DEE9175455C1281
                                                                                                                                                                                                                                        SHA-512:EDB715654BAAF499CF788BCACD5657ADCF9F20B37B02671ABE71BDA334629344415ED3A7E95CB51164E66A7AA3ED4BF84ACB05649CCD55E3F64036F3178B7856
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5758328
                                                                                                                                                                                                                                        Entropy (8bit):6.089726305084683
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:JdHwQkq3AAtsPv3XXTVEspHBMp4SsPxQpe2bx:JdHwQkq3AMsPvHXSpAxQpe2V
                                                                                                                                                                                                                                        MD5:9A24C8C35E4AC4B1597124C1DCBEBE0F
                                                                                                                                                                                                                                        SHA1:F59782A4923A30118B97E01A7F8DB69B92D8382A
                                                                                                                                                                                                                                        SHA-256:A0CF640E756875C25C12B4A38BA5F2772E8E512036E2AC59EB8567BF05FFBFB7
                                                                                                                                                                                                                                        SHA-512:9D9336BF1F0D3BC9CE4A636A5F4E52C5F9487F51F00614FC4A34854A315CE7EA8BE328153812DBD67C45C75001818FA63317EBA15A6C9A024FA9F2CAB163165B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):670208
                                                                                                                                                                                                                                        Entropy (8bit):6.035999626973864
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                                                        MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                                                        SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                                                        SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                                                        SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134656
                                                                                                                                                                                                                                        Entropy (8bit):5.999117329459055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                                                        MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                                                        SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                                                        SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                                                        SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29056
                                                                                                                                                                                                                                        Entropy (8bit):6.49468173344972
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5oR1ecReJKwHqUuI7A70RUZ9ID7GvIYiSy1pCQlIJNPxh8E9VF0NyUT2:ezeUeJlHqybG9ID7GQYiSyvCPxWEC
                                                                                                                                                                                                                                        MD5:97EE623F1217A7B4B7DE5769B7B665D6
                                                                                                                                                                                                                                        SHA1:95B918F3F4C057FB9C878C8CC5E502C0BD9E54C0
                                                                                                                                                                                                                                        SHA-256:0046EB32F873CDE62CF29AF02687B1DD43154E9FD10E0AA3D8353D3DEBB38790
                                                                                                                                                                                                                                        SHA-512:20EDC7EAE5C0709AF5C792F04A8A633D416DA5A38FC69BD0409AFE40B7FB1AFA526DE6FE25D8543ECE9EA44FD6BAA04A9D316AC71212AE9638BDEF768E661E0F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1138040
                                                                                                                                                                                                                                        Entropy (8bit):5.434701276929729
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:JbYefjwR6nbJonRiPDjRrO518BEPYPx++ZiLKGZ5KXyVH4eDS0E:tYeMQ0IDJc+EwPgPOG6Xyd46S0E
                                                                                                                                                                                                                                        MD5:BC58EB17A9C2E48E97A12174818D969D
                                                                                                                                                                                                                                        SHA1:11949EBC05D24AB39D86193B6B6FCFF3E4733CFD
                                                                                                                                                                                                                                        SHA-256:ECF7836AA0D36B5880EB6F799EC402B1F2E999F78BFFF6FB9A942D1D8D0B9BAA
                                                                                                                                                                                                                                        SHA-512:4AA2B2CE3EB47503B48F6A888162A527834A6C04D3B49C562983B4D5AAD9B7363D57AEF2E17FE6412B89A9A3B37FB62A4ADE4AFC90016E2759638A17B1DEAE6C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                                                        Entropy (8bit):5.113812591033072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:rCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPdRD0hvHvcqvn7ycIt/G/:rardA0Bzx14r6nDrOhv+O/
                                                                                                                                                                                                                                        MD5:B58CA169FDCFFAB726391D3906DD9A4E
                                                                                                                                                                                                                                        SHA1:C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF
                                                                                                                                                                                                                                        SHA-256:1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
                                                                                                                                                                                                                                        SHA-512:AA23DEBF80D89A40677D1BF1C7C6C3445A79E76419865B86D0D6A605656478067EBEA2752348FCF77D583D2E5DCD284DA7F55F751D6441E647565DA77F982966
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):133120
                                                                                                                                                                                                                                        Entropy (8bit):5.849201651779307
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:znvpE3JJ/Q7DspOCQUUU40Oc3lRVFhLaNzvBii7qQvmwCoY9LQPe:T4xG4pOCQUUU4rWlRVgv5qQSoY9
                                                                                                                                                                                                                                        MD5:D02300D803850C3B0681E16130FECEE4
                                                                                                                                                                                                                                        SHA1:6411815E2A908432A640719ECFE003B43BBBA35C
                                                                                                                                                                                                                                        SHA-256:B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
                                                                                                                                                                                                                                        SHA-512:6FAD1836614869AB3BB624BDA9943CEAF9E197B17CA4F4FFE78699492B72F95EEE02AE1BB07C0508438956BEF10CC1E656DDF75D0EDC9EF71A3860AF39075564
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):5.281874510289411
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9eeH8ZmV+zknwMswDuVQO0T8DmMel2/QEVR7AWCq5yn9ukF1B3:N+zi/uVQ1Q/QEVR1NUpB
                                                                                                                                                                                                                                        MD5:965E9833F4CD7A45C2C1EE85EFC2DA3B
                                                                                                                                                                                                                                        SHA1:3C6888194AD30E17DC5EEA7418133A541BCDDF07
                                                                                                                                                                                                                                        SHA-256:5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
                                                                                                                                                                                                                                        SHA-512:F8C4E0C82A8229B3BDB897B536EE73B5D2A9A2810B73DCC77C880961A9A16E43746234A108A9A15BF18638FCFB3086E0F5EEFD85D5BF6F799718DC6F199C4A26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                        Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                        MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                        SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                        SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                        SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10
                                                                                                                                                                                                                                        Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                        MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                        SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                        SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                        SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..K....}..
                                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.995286291498591
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: main.exe
File size: 15'088'132 bytes
MD5: f4ef93954baa2e6d65d793b09f7bbf15
SHA1: c036619fb0c22fab76dcf05ce0ec9ac20aa3a142
SHA256: 5fc403ad66ec63b1333ee685b1379b7d7b4c325994c4806bba51490715b91553
SHA512: 359ef6926d0947a1da3684abe838680c7e9345261953df70bdc6236c0ef808e6017cddb42cf60a507f823189b9afdf0df998e9c5a370f88ddd76c98c184b6eda
SSDEEP: 393216:2Vlj87dtcWVpuwq3Obs2Cl6dQJl9F3MnG3CIL+U7rA6gXHz:2Vl8ZyGpuwq3ObRq6dQf3MG5rOT
TLSH: 88E633626B951CE6F567163CC422C00CFBA1BE625770DB2743A446AE1F573C06E3DB8A
                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d..
Icon Hash: 4a464cd47461e179
Entrypoint: 0x14000ce20
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x674EAD0D [Tue Dec 3 07:02:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 72c4e339b7af8ab1ed2eb3821c98713a
Instruction
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3ca34          0x78          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x47000          0xf41c        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x44000          0x2238        .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x57000          0x764         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3a080          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x39f40          0x140         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2b000          0x4a0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy             Characteristics
.text   0x1000           0x29f70       0x2a000   b8c3814c5fb0b18492ad4ec2ffe0830a  False     0.5518740699404762  data       6.489205819736506   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x2b000          0x12a28       0x12c00   f2a8f318f1a2c4fdb604e1c285e0e7c3  False     0.5242838541666667  data       5.75076609510382    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x3e000          0x53f8        0xe00     dba0caeecab624a0ccc0d577241601d1  False     0.134765625         data       1.8392217063172436  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  0x44000          0x2238        0x2400    9cd1eac931545f28ab09329f8bfce843  False     0.4697265625        data       5.2645170849678795  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   0x47000          0xf41c        0xf600    455788c285fcfdcb4008bc77e762818a  False     0.803099593495935   data       7.5549760623589695  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x57000          0x764         0x800     816c68eeb419ee2c08656c31c06a0fff  False     0.5576171875        data       5.2809528666624175  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
|---|---|
| USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 3, 2024 10:28:10.179482937 CET | 62615 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 3, 2024 10:28:10.318099022 CET | 53 | 62615 | 1.1.1.1 | 192.168.2.9 |
| Dec 3, 2024 10:28:18.126610994 CET | 59911 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 3, 2024 10:28:18.264527082 CET | 53 | 59911 | 1.1.1.1 | 192.168.2.9 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 10:28:10.179482937 CET | 192.168.2.9 | 1.1.1.1 | 0x8a70 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:18.126610994 CET | 192.168.2.9 | 1.1.1.1 | 0xb60a | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 10:28:03.766275883 CET | 1.1.1.1 | 192.168.2.9 | 0xae43 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 3, 2024 10:28:03.766275883 CET | 1.1.1.1 | 192.168.2.9 | 0xae43 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:10.318099022 CET | 1.1.1.1 | 192.168.2.9 | 0x8a70 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:10.318099022 CET | 1.1.1.1 | 192.168.2.9 | 0x8a70 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:10.318099022 CET | 1.1.1.1 | 192.168.2.9 | 0x8a70 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:18.264527082 CET | 1.1.1.1 | 192.168.2.9 | 0xb60a | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:18.264527082 CET | 1.1.1.1 | 192.168.2.9 | 0xb60a | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:18.264527082 CET | 1.1.1.1 | 192.168.2.9 | 0xb60a | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 10:28:18.264527082 CET | 1.1.1.1 | 192.168.2.9 | 0xb60a | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:04:28:05
                                                                                                                                                                                                                                        Start date:03/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\main.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff6058b0000
                                                                                                                                                                                                                                        File size:15'088'132 bytes
                                                                                                                                                                                                                                        MD5 hash:F4EF93954BAA2E6D65D793B09F7BBF15
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                        Start time:04:28:07
                                                                                                                                                                                                                                        Start date:03/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\main.exe"
Imagebase:0x7ff6058b0000
File size:15'088'132 bytes
MD5 hash:F4EF93954BAA2E6D65D793B09F7BBF15
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AntiVM_5, Description: Yara detected AntiVM_5, Source: 00000002.00000002.2610197396.000001DD87DA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_5, Description: Yara detected AntiVM_5, Source: 00000002.00000002.2610105068.000001DD87CFC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Target ID:3
Start time:04:28:10
Start date:03/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get uuid
Imagebase:0x7ff6ed670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:04:28:10
Start date:03/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:04:28:11
Start date:03/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic baseboard get manufacturer
Imagebase:0x7ff6ed670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:04:28:11
Start date:03/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:04:28:12
Start date:03/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic diskdrive get serialnumber
Imagebase:0x7ff6ed670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:04:28:12
Start date:03/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:04:28:13
Start date:03/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic cpu get serialnumber
Imagebase:0x7ff6ed670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:04:28:13
Start date:03/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:04:28:14
Start date:03/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get serialnumber
Imagebase:0x7ff6ed670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:04:28:14
                                                                                                                                                                                                                                        Start date:03/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:04:28:15
                                                                                                                                                                                                                                        Start date:03/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic baseboard get serialnumber
                                                                                                                                                                                                                                        Imagebase:0x7ff6ed670000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                        Start time:04:28:15
                                                                                                                                                                                                                                        Start date:03/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true


Execution Graph

Execution Coverage:8.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:14.2%
Total number of Nodes:2000
Total number of Limit Nodes:41
16884->16885 16886 7ff6058b88ea GetTempPathW GetCurrentProcessId 16884->16886 16888 7ff6058b8a20 14 API calls 16885->16888 17741 7ff6058b25c0 16886->17741 16889 7ff6058b8898 16888->16889 17748 7ff6058b81c0 16889->17748 16894 7ff6058b88d8 __std_exception_copy 16915 7ff6058b89c4 __std_exception_copy 16894->16915 16898 7ff6058b8918 __std_exception_copy 16902 7ff6058b8955 __std_exception_copy 16898->16902 17745 7ff6058c8bd8 16898->17745 16899 7ff6058b88be __std_exception_copy 16899->16886 16905 7ff6058b88cc 16899->16905 16901 7ff6058bc5c0 _log10_special 8 API calls 16904 7ff6058b3cbb 16901->16904 16907 7ff6058b9400 2 API calls 16902->16907 16902->16915 16904->16660 16904->16673 16906 7ff6058b2810 49 API calls 16905->16906 16906->16894 16908 7ff6058b89a1 16907->16908 16909 7ff6058b89d9 16908->16909 16910 7ff6058b89a6 16908->16910 16911 7ff6058c82a8 38 API calls 16909->16911 16912 7ff6058b9400 2 API calls 16910->16912 16911->16915 16913 7ff6058b89b6 16912->16913 16914 7ff6058c82a8 38 API calls 16913->16914 16914->16915 16915->16901 16917 7ff6058b9422 MultiByteToWideChar 16916->16917 16920 7ff6058b9446 16916->16920 16918 7ff6058b945c __std_exception_copy 16917->16918 16917->16920 16918->16671 16919 7ff6058b9463 MultiByteToWideChar 16919->16918 16920->16918 16920->16919 16932 7ff6058b33ce __scrt_get_show_window_mode 16921->16932 16922 7ff6058bc5c0 _log10_special 8 API calls 16924 7ff6058b3664 16922->16924 16923 7ff6058b35c7 16923->16922 16924->16601 16940 7ff6058b90c0 LocalFree 16924->16940 16926 7ff6058b1c80 49 API calls 16926->16932 16927 7ff6058b35e2 16929 7ff6058b2710 54 API calls 16927->16929 16929->16923 16931 7ff6058b35c9 16935 7ff6058b2710 54 API calls 16931->16935 16932->16923 16932->16926 16932->16927 16932->16931 16934 7ff6058b2a50 54 API calls 16932->16934 16938 7ff6058b35d0 16932->16938 17937 7ff6058b4550 16932->17937 17943 7ff6058b7e10 16932->17943 17954 7ff6058b1600 16932->17954 18002 7ff6058b7110 16932->18002 18006 7ff6058b4180 16932->18006 18050 
7ff6058b4440 16932->18050 16934->16932 16935->16923 16939 7ff6058b2710 54 API calls 16938->16939 16939->16923 16942 7ff6058b1ca5 16941->16942 16943 7ff6058c49f4 49 API calls 16942->16943 16944 7ff6058b1cc8 16943->16944 16944->16610 16946 7ff6058b9400 2 API calls 16945->16946 16947 7ff6058b8ba4 16946->16947 16948 7ff6058c82a8 38 API calls 16947->16948 16949 7ff6058b8bb6 __std_exception_copy 16948->16949 16949->16623 16951 7ff6058b45bc 16950->16951 16952 7ff6058b9400 2 API calls 16951->16952 16953 7ff6058b45e4 16952->16953 16954 7ff6058b9400 2 API calls 16953->16954 16955 7ff6058b45f7 16954->16955 18217 7ff6058c6004 16955->18217 16958 7ff6058bc5c0 _log10_special 8 API calls 16959 7ff6058b392b 16958->16959 16959->16613 16960 7ff6058b7f80 16959->16960 16961 7ff6058b7fa4 16960->16961 16962 7ff6058b807b __std_exception_copy 16961->16962 16963 7ff6058c0744 73 API calls 16961->16963 16962->16617 16964 7ff6058b7fc0 16963->16964 16964->16962 18608 7ff6058c7938 16964->18608 16966 7ff6058c0744 73 API calls 16968 7ff6058b7fd5 16966->16968 16967 7ff6058c040c _fread_nolock 53 API calls 16967->16968 16968->16962 16968->16966 16968->16967 16970 7ff6058c00ec 16969->16970 18623 7ff6058bfe98 16970->18623 16972 7ff6058c0105 16972->16613 16974 7ff6058bc8c0 16973->16974 16975 7ff6058b2734 GetCurrentProcessId 16974->16975 16976 7ff6058b1c80 49 API calls 16975->16976 16977 7ff6058b2787 16976->16977 16978 7ff6058c49f4 49 API calls 16977->16978 16979 7ff6058b27cf 16978->16979 16980 7ff6058b2620 12 API calls 16979->16980 16981 7ff6058b27f1 16980->16981 16982 7ff6058bc5c0 _log10_special 8 API calls 16981->16982 16983 7ff6058b2801 16982->16983 16983->16601 16985 7ff6058b9400 2 API calls 16984->16985 16986 7ff6058b8b4c 16985->16986 16987 7ff6058b9400 2 API calls 16986->16987 16988 7ff6058b8b5c 16987->16988 16989 7ff6058c82a8 38 API calls 16988->16989 16990 7ff6058b8b6a __std_exception_copy 16989->16990 16990->16627 16992 7ff6058b1c80 49 API calls 16991->16992 16993 7ff6058b44ed 16992->16993 
16993->16655 16995 7ff6058b1c80 49 API calls 16994->16995 16996 7ff6058b4650 16995->16996 16996->16673 16998 7ff6058b6dc5 16997->16998 16999 7ff6058b3e6c 16998->16999 17000 7ff6058c4f78 memcpy_s 11 API calls 16998->17000 17003 7ff6058b7330 16999->17003 17001 7ff6058b6dd2 17000->17001 17002 7ff6058b2910 54 API calls 17001->17002 17002->16999 18634 7ff6058b1470 17003->18634 17005 7ff6058b7358 17006 7ff6058b4620 49 API calls 17005->17006 17012 7ff6058b74a9 __std_exception_copy 17005->17012 17008 7ff6058b737a 17006->17008 17007 7ff6058b737f 17010 7ff6058b2a50 54 API calls 17007->17010 17008->17007 17009 7ff6058b4620 49 API calls 17008->17009 17011 7ff6058b739e 17009->17011 17010->17012 17011->17007 17013 7ff6058b4620 49 API calls 17011->17013 17012->16706 17014 7ff6058b73ba 17013->17014 17014->17007 17015 7ff6058b73c3 17014->17015 17016 7ff6058b2710 54 API calls 17015->17016 17017 7ff6058b7433 __std_exception_copy memcpy_s 17015->17017 17016->17012 17017->16706 17030 7ff6058b6e0c 17018->17030 17019 7ff6058bc5c0 _log10_special 8 API calls 17020 7ff6058b6f41 17019->17020 17020->16709 17021 7ff6058b1840 45 API calls 17021->17030 17022 7ff6058b6f9a 17024 7ff6058b2710 54 API calls 17022->17024 17023 7ff6058b1c80 49 API calls 17023->17030 17036 7ff6058b6f2f 17024->17036 17025 7ff6058b6f87 17027 7ff6058b2710 54 API calls 17025->17027 17026 7ff6058b4550 10 API calls 17026->17030 17027->17036 17028 7ff6058b7e10 52 API calls 17028->17030 17029 7ff6058b2a50 54 API calls 17029->17030 17030->17021 17030->17022 17030->17023 17030->17025 17030->17026 17030->17028 17030->17029 17031 7ff6058b6f74 17030->17031 17033 7ff6058b1600 118 API calls 17030->17033 17034 7ff6058b6f5d 17030->17034 17030->17036 17032 7ff6058b2710 54 API calls 17031->17032 17032->17036 17033->17030 17035 7ff6058b2710 54 API calls 17034->17035 17035->17036 17036->17019 18664 7ff6058b9070 17037->18664 17039 7ff6058b71b9 17040 7ff6058b9070 3 API calls 17039->17040 17041 7ff6058b71cc 17040->17041 17042 7ff6058b71ff 
17041->17042 17043 7ff6058b71e4 17041->17043 17054 7ff6058bc8c0 17053->17054 17055 7ff6058b2a74 GetCurrentProcessId 17054->17055 17056 7ff6058b1c80 49 API calls 17055->17056 17057 7ff6058b2ac7 17056->17057 17058 7ff6058c49f4 49 API calls 17057->17058 17059 7ff6058b2b0f 17058->17059 17060 7ff6058b2620 12 API calls 17059->17060 17061 7ff6058b2b31 17060->17061 18740 7ff6058b6350 17071->18740 17075 7ff6058b3381 17079 7ff6058b3399 17075->17079 18808 7ff6058b6040 17075->18808 17077 7ff6058b338d 17077->17079 17080 7ff6058b3670 17079->17080 17081 7ff6058b367e 17080->17081 17082 7ff6058b368f 17081->17082 19028 7ff6058b9050 FreeLibrary 17081->19028 17082->16698 17091 7ff6058c54dc EnterCriticalSection 17084->17091 17093 7ff6058b36bc GetModuleFileNameW 17092->17093 17093->16784 17093->16785 17095 7ff6058b932f FindClose 17094->17095 17096 7ff6058b9342 17094->17096 17095->17096 17097 7ff6058bc5c0 _log10_special 8 API calls 17096->17097 17098 7ff6058b371a 17097->17098 17098->16789 17098->16790 17100 7ff6058bc8c0 17099->17100 17101 7ff6058b2c70 GetCurrentProcessId 17100->17101 17130 7ff6058b26b0 17101->17130 17103 7ff6058b2cb9 17134 7ff6058c4c48 17103->17134 17106 7ff6058b26b0 48 API calls 17108 7ff6058b2d34 FormatMessageW 17106->17108 17109 7ff6058b2d7f MessageBoxW 17108->17109 17110 7ff6058b2d6d 17108->17110 17112 7ff6058bc5c0 _log10_special 8 API calls 17109->17112 17111 7ff6058b26b0 48 API calls 17110->17111 17111->17109 17113 7ff6058b2daf 17112->17113 17113->16797 17115 7ff6058b93b0 GetFinalPathNameByHandleW CloseHandle 17114->17115 17116 7ff6058b3730 17114->17116 17115->17116 17116->16798 17116->16799 17118 7ff6058b2834 17117->17118 17119 7ff6058b26b0 48 API calls 17118->17119 17120 7ff6058b2887 17119->17120 17121 7ff6058c4c48 48 API calls 17120->17121 17122 7ff6058b28d0 MessageBoxW 17121->17122 17123 7ff6058bc5c0 _log10_special 8 API calls 17122->17123 17124 7ff6058b2900 17123->17124 17124->16797 17126 7ff6058b9505 17125->17126 17127 7ff6058b94da WideCharToMultiByte 
17125->17127 17128 7ff6058b9522 WideCharToMultiByte 17126->17128 17129 7ff6058b951b __std_exception_copy 17126->17129 17127->17126 17127->17129 17128->17129 17129->16796 17131 7ff6058b26d5 17130->17131 17132 7ff6058c4c48 48 API calls 17131->17132 17133 7ff6058b26f8 17132->17133 17133->17103 17135 7ff6058c4ca2 17134->17135 17136 7ff6058c4cc7 17135->17136 17138 7ff6058c4d03 17135->17138 17137 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17136->17137 17151 7ff6058c4cf1 17137->17151 17152 7ff6058c3000 17138->17152 17140 7ff6058c4de4 17141 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17140->17141 17141->17151 17142 7ff6058bc5c0 _log10_special 8 API calls 17144 7ff6058b2d04 17142->17144 17144->17106 17145 7ff6058c4db9 17149 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17145->17149 17146 7ff6058c4e0a 17146->17140 17148 7ff6058c4e14 17146->17148 17147 7ff6058c4db0 17147->17140 17147->17145 17150 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17148->17150 17149->17151 17150->17151 17151->17142 17153 7ff6058c303e 17152->17153 17154 7ff6058c302e 17152->17154 17155 7ff6058c3075 17153->17155 17156 7ff6058c3047 17153->17156 17157 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17154->17157 17155->17154 17159 7ff6058c306d 17155->17159 17163 7ff6058c3a14 17155->17163 17196 7ff6058c3460 17155->17196 17233 7ff6058c2bf0 17155->17233 17158 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17156->17158 17157->17159 17158->17159 17159->17140 17159->17145 17159->17146 17159->17147 17164 7ff6058c3ac7 17163->17164 17165 7ff6058c3a56 17163->17165 17168 7ff6058c3b20 17164->17168 17169 7ff6058c3acc 17164->17169 17166 7ff6058c3af1 17165->17166 17167 7ff6058c3a5c 17165->17167 17256 7ff6058c1dc4 17166->17256 17170 7ff6058c3a61 17167->17170 17171 7ff6058c3a90 17167->17171 17174 7ff6058c3b37 17168->17174 17175 7ff6058c3b2a 17168->17175 17179 7ff6058c3b2f 17168->17179 17172 7ff6058c3b01 17169->17172 
17173 7ff6058c3ace 17169->17173 17170->17174 17177 7ff6058c3a67 17170->17177 17171->17177 17171->17179 17263 7ff6058c19b4 17172->17263 17178 7ff6058c3a70 17173->17178 17184 7ff6058c3add 17173->17184 17270 7ff6058c471c 17174->17270 17175->17166 17175->17179 17177->17178 17181 7ff6058c3a8b 17177->17181 17185 7ff6058c3aa2 17177->17185 17194 7ff6058c3b60 17178->17194 17236 7ff6058c41c8 17178->17236 17179->17194 17274 7ff6058c21d4 17179->17274 17181->17194 17195 7ff6058c3d4c 17181->17195 17281 7ff6058c4830 17181->17281 17184->17166 17187 7ff6058c3ae2 17184->17187 17185->17194 17246 7ff6058c4504 17185->17246 17187->17194 17252 7ff6058c45c8 17187->17252 17189 7ff6058bc5c0 _log10_special 8 API calls 17191 7ff6058c3e5a 17189->17191 17191->17155 17194->17189 17195->17194 17287 7ff6058cea78 17195->17287 17197 7ff6058c346e 17196->17197 17198 7ff6058c3484 17196->17198 17199 7ff6058c3ac7 17197->17199 17200 7ff6058c3a56 17197->17200 17202 7ff6058c34c4 17197->17202 17201 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17198->17201 17198->17202 17205 7ff6058c3b20 17199->17205 17206 7ff6058c3acc 17199->17206 17203 7ff6058c3af1 17200->17203 17204 7ff6058c3a5c 17200->17204 17201->17202 17202->17155 17213 7ff6058c1dc4 38 API calls 17203->17213 17207 7ff6058c3a61 17204->17207 17208 7ff6058c3a90 17204->17208 17211 7ff6058c3b37 17205->17211 17212 7ff6058c3b2a 17205->17212 17216 7ff6058c3b2f 17205->17216 17209 7ff6058c3b01 17206->17209 17210 7ff6058c3ace 17206->17210 17207->17211 17214 7ff6058c3a67 17207->17214 17208->17214 17208->17216 17218 7ff6058c19b4 38 API calls 17209->17218 17215 7ff6058c3a70 17210->17215 17222 7ff6058c3add 17210->17222 17217 7ff6058c471c 45 API calls 17211->17217 17212->17203 17212->17216 17228 7ff6058c3a8b 17213->17228 17214->17215 17220 7ff6058c3aa2 17214->17220 17214->17228 17219 7ff6058c41c8 47 API calls 17215->17219 17231 7ff6058c3b60 17215->17231 17221 7ff6058c21d4 38 API calls 17216->17221 17216->17231 17217->17228 17218->17228 17219->17228 17223 
7ff6058c4504 46 API calls 17220->17223 17220->17231 17221->17228 17222->17203 17224 7ff6058c3ae2 17222->17224 17223->17228 17226 7ff6058c45c8 37 API calls 17224->17226 17224->17231 17225 7ff6058bc5c0 _log10_special 8 API calls 17227 7ff6058c3e5a 17225->17227 17226->17228 17227->17155 17229 7ff6058c4830 45 API calls 17228->17229 17228->17231 17232 7ff6058c3d4c 17228->17232 17229->17232 17230 7ff6058cea78 46 API calls 17230->17232 17231->17225 17232->17230 17232->17231 17465 7ff6058c1038 17233->17465 17237 7ff6058c41ee 17236->17237 17299 7ff6058c0bf0 17237->17299 17242 7ff6058c4830 45 API calls 17244 7ff6058c4333 17242->17244 17243 7ff6058c4830 45 API calls 17245 7ff6058c43c1 17243->17245 17244->17243 17244->17244 17244->17245 17245->17181 17247 7ff6058c4539 17246->17247 17248 7ff6058c4557 17247->17248 17249 7ff6058c4830 45 API calls 17247->17249 17251 7ff6058c457e 17247->17251 17250 7ff6058cea78 46 API calls 17248->17250 17249->17248 17250->17251 17251->17181 17255 7ff6058c45e9 17252->17255 17253 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17254 7ff6058c461a 17253->17254 17254->17181 17255->17253 17255->17254 17257 7ff6058c1df7 17256->17257 17258 7ff6058c1e26 17257->17258 17261 7ff6058c1ee3 17257->17261 17259 7ff6058c1e63 17258->17259 17435 7ff6058c0c98 17258->17435 17259->17181 17262 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17261->17262 17262->17259 17264 7ff6058c19e7 17263->17264 17265 7ff6058c1a16 17264->17265 17267 7ff6058c1ad3 17264->17267 17266 7ff6058c0c98 12 API calls 17265->17266 17269 7ff6058c1a53 17265->17269 17266->17269 17268 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17267->17268 17268->17269 17269->17181 17271 7ff6058c475f 17270->17271 17272 7ff6058c4763 __crtLCMapStringW 17271->17272 17443 7ff6058c47b8 17271->17443 17272->17181 17275 7ff6058c2207 17274->17275 17276 7ff6058c2236 17275->17276 17278 7ff6058c22f3 17275->17278 17277 7ff6058c0c98 12 API calls 17276->17277 17280 7ff6058c2273 17276->17280 17277->17280 17279 
7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17278->17279 17279->17280 17280->17181 17282 7ff6058c4847 17281->17282 17447 7ff6058cda28 17282->17447 17288 7ff6058ceaa9 17287->17288 17296 7ff6058ceab7 17287->17296 17289 7ff6058cead7 17288->17289 17290 7ff6058c4830 45 API calls 17288->17290 17288->17296 17291 7ff6058ceb0f 17289->17291 17292 7ff6058ceae8 17289->17292 17290->17289 17294 7ff6058ceb9a 17291->17294 17295 7ff6058ceb39 17291->17295 17291->17296 17455 7ff6058d0110 17292->17455 17297 7ff6058cf910 _fread_nolock MultiByteToWideChar 17294->17297 17295->17296 17458 7ff6058cf910 17295->17458 17296->17195 17297->17296 17300 7ff6058c0c27 17299->17300 17306 7ff6058c0c16 17299->17306 17301 7ff6058cd66c _fread_nolock 12 API calls 17300->17301 17300->17306 17302 7ff6058c0c54 17301->17302 17303 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17302->17303 17305 7ff6058c0c68 17302->17305 17303->17305 17304 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17304->17306 17305->17304 17307 7ff6058ce5e0 17306->17307 17308 7ff6058ce630 17307->17308 17309 7ff6058ce5fd 17307->17309 17308->17309 17311 7ff6058ce662 17308->17311 17310 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17309->17310 17322 7ff6058c4311 17310->17322 17317 7ff6058ce775 17311->17317 17324 7ff6058ce6aa 17311->17324 17312 7ff6058ce867 17362 7ff6058cdacc 17312->17362 17314 7ff6058ce82d 17355 7ff6058cde64 17314->17355 17316 7ff6058ce7fc 17348 7ff6058ce144 17316->17348 17317->17312 17317->17314 17317->17316 17318 7ff6058ce7bf 17317->17318 17320 7ff6058ce7b5 17317->17320 17338 7ff6058ce374 17318->17338 17320->17314 17323 7ff6058ce7ba 17320->17323 17322->17242 17322->17244 17323->17316 17323->17318 17324->17322 17329 7ff6058ca514 17324->17329 17327 7ff6058ca970 _isindst 17 API calls 17328 7ff6058ce8c4 17327->17328 17330 7ff6058ca521 17329->17330 17331 7ff6058ca52b 17329->17331 17330->17331 17336 7ff6058ca546 17330->17336 17332 7ff6058c4f78 memcpy_s 11 
API calls 17331->17332 17333 7ff6058ca532 17332->17333 17335 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17333->17335 17334 7ff6058ca53e 17334->17322 17334->17327 17335->17334 17336->17334 17337 7ff6058c4f78 memcpy_s 11 API calls 17336->17337 17337->17333 17371 7ff6058d411c 17338->17371 17342 7ff6058ce41c 17343 7ff6058ce471 17342->17343 17344 7ff6058ce43c 17342->17344 17347 7ff6058ce420 17342->17347 17424 7ff6058cdf60 17343->17424 17420 7ff6058ce21c 17344->17420 17347->17322 17349 7ff6058d411c 38 API calls 17348->17349 17350 7ff6058ce18e 17349->17350 17351 7ff6058d3b64 37 API calls 17350->17351 17352 7ff6058ce1de 17351->17352 17353 7ff6058ce1e2 17352->17353 17354 7ff6058ce21c 45 API calls 17352->17354 17353->17322 17354->17353 17356 7ff6058d411c 38 API calls 17355->17356 17357 7ff6058cdeaf 17356->17357 17358 7ff6058d3b64 37 API calls 17357->17358 17359 7ff6058cdf07 17358->17359 17360 7ff6058cdf0b 17359->17360 17361 7ff6058cdf60 45 API calls 17359->17361 17360->17322 17361->17360 17363 7ff6058cdb44 17362->17363 17364 7ff6058cdb11 17362->17364 17366 7ff6058cdb5c 17363->17366 17368 7ff6058cdbdd 17363->17368 17365 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17364->17365 17370 7ff6058cdb3d __scrt_get_show_window_mode 17365->17370 17367 7ff6058cde64 46 API calls 17366->17367 17367->17370 17369 7ff6058c4830 45 API calls 17368->17369 17368->17370 17369->17370 17370->17322 17372 7ff6058d416f fegetenv 17371->17372 17373 7ff6058d7e9c 37 API calls 17372->17373 17376 7ff6058d41c2 17373->17376 17374 7ff6058d41ef 17378 7ff6058ca514 __std_exception_copy 37 API calls 17374->17378 17375 7ff6058d42b2 17377 7ff6058d7e9c 37 API calls 17375->17377 17376->17375 17381 7ff6058d428c 17376->17381 17382 7ff6058d41dd 17376->17382 17379 7ff6058d42dc 17377->17379 17380 7ff6058d426d 17378->17380 17383 7ff6058d7e9c 37 API calls 17379->17383 17385 7ff6058d5394 17380->17385 17390 7ff6058d4275 17380->17390 17386 7ff6058ca514 __std_exception_copy 37 API calls 17381->17386 17382->17374 
17382->17375 17384 7ff6058d42ed 17383->17384 17387 7ff6058d8090 20 API calls 17384->17387 17388 7ff6058ca970 _isindst 17 API calls 17385->17388 17386->17380 17398 7ff6058d4356 __scrt_get_show_window_mode 17387->17398 17389 7ff6058d53a9 17388->17389 17391 7ff6058bc5c0 _log10_special 8 API calls 17390->17391 17392 7ff6058ce3c1 17391->17392 17416 7ff6058d3b64 17392->17416 17393 7ff6058d46ff __scrt_get_show_window_mode 17394 7ff6058d4397 memcpy_s 17411 7ff6058d47f3 memcpy_s __scrt_get_show_window_mode 17394->17411 17412 7ff6058d4cdb memcpy_s __scrt_get_show_window_mode 17394->17412 17395 7ff6058d4a3f 17396 7ff6058d3c80 37 API calls 17395->17396 17402 7ff6058d5157 17396->17402 17397 7ff6058d49eb 17397->17395 17399 7ff6058d53ac memcpy_s 37 API calls 17397->17399 17398->17393 17398->17394 17400 7ff6058c4f78 memcpy_s 11 API calls 17398->17400 17399->17395 17401 7ff6058d47d0 17400->17401 17403 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17401->17403 17405 7ff6058d53ac memcpy_s 37 API calls 17402->17405 17409 7ff6058d51b2 17402->17409 17403->17394 17404 7ff6058d5338 17407 7ff6058d7e9c 37 API calls 17404->17407 17405->17409 17406 7ff6058c4f78 11 API calls memcpy_s 17406->17412 17407->17390 17408 7ff6058c4f78 11 API calls memcpy_s 17408->17411 17409->17404 17410 7ff6058d3c80 37 API calls 17409->17410 17414 7ff6058d53ac memcpy_s 37 API calls 17409->17414 17410->17409 17411->17397 17411->17408 17413 7ff6058ca950 37 API calls _invalid_parameter_noinfo 17411->17413 17412->17395 17412->17397 17412->17406 17415 7ff6058ca950 37 API calls _invalid_parameter_noinfo 17412->17415 17413->17411 17414->17409 17415->17412 17417 7ff6058d3b83 17416->17417 17418 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17417->17418 17419 7ff6058d3bae memcpy_s 17417->17419 17418->17419 17419->17342 17421 7ff6058ce248 memcpy_s 17420->17421 17421->17421 17422 7ff6058c4830 45 API calls 17421->17422 17423 7ff6058ce302 memcpy_s __scrt_get_show_window_mode 17421->17423 17422->17423 17423->17347 
17425 7ff6058cdf9b 17424->17425 17428 7ff6058cdfe8 memcpy_s 17424->17428 17426 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17425->17426 17427 7ff6058cdfc7 17426->17427 17427->17347 17429 7ff6058ce053 17428->17429 17431 7ff6058c4830 45 API calls 17428->17431 17430 7ff6058ca514 __std_exception_copy 37 API calls 17429->17430 17432 7ff6058ce095 memcpy_s 17430->17432 17431->17429 17433 7ff6058ca970 _isindst 17 API calls 17432->17433 17434 7ff6058ce140 17433->17434 17436 7ff6058c0cbe 17435->17436 17437 7ff6058c0ccf 17435->17437 17436->17259 17437->17436 17438 7ff6058cd66c _fread_nolock 12 API calls 17437->17438 17439 7ff6058c0d00 17438->17439 17440 7ff6058c0d14 17439->17440 17441 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17439->17441 17442 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17440->17442 17441->17440 17442->17436 17444 7ff6058c47de 17443->17444 17445 7ff6058c47d6 17443->17445 17444->17272 17446 7ff6058c4830 45 API calls 17445->17446 17446->17444 17448 7ff6058cda41 17447->17448 17449 7ff6058c486f 17447->17449 17448->17449 17450 7ff6058d3374 45 API calls 17448->17450 17451 7ff6058cda94 17449->17451 17450->17449 17452 7ff6058c487f 17451->17452 17453 7ff6058cdaad 17451->17453 17452->17195 17453->17452 17454 7ff6058d26c0 45 API calls 17453->17454 17454->17452 17461 7ff6058d6df8 17455->17461 17460 7ff6058cf919 MultiByteToWideChar 17458->17460 17464 7ff6058d6e5c 17461->17464 17462 7ff6058bc5c0 _log10_special 8 API calls 17463 7ff6058d012d 17462->17463 17463->17296 17464->17462 17466 7ff6058c107f 17465->17466 17467 7ff6058c106d 17465->17467 17469 7ff6058c10c9 17466->17469 17471 7ff6058c108d 17466->17471 17468 7ff6058c4f78 memcpy_s 11 API calls 17467->17468 17470 7ff6058c1072 17468->17470 17474 7ff6058c1445 17469->17474 17476 7ff6058c4f78 memcpy_s 11 API calls 17469->17476 17472 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17470->17472 17473 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 
17471->17473 17481 7ff6058c107d 17472->17481 17473->17481 17475 7ff6058c4f78 memcpy_s 11 API calls 17474->17475 17474->17481 17477 7ff6058c16d9 17475->17477 17478 7ff6058c143a 17476->17478 17479 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17477->17479 17480 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17478->17480 17479->17481 17480->17474 17481->17155 17483 7ff6058c0774 17482->17483 17510 7ff6058c04d4 17483->17510 17485 7ff6058c078d 17485->16813 17522 7ff6058c042c 17486->17522 17490 7ff6058bc8c0 17489->17490 17491 7ff6058b2930 GetCurrentProcessId 17490->17491 17492 7ff6058b1c80 49 API calls 17491->17492 17493 7ff6058b2979 17492->17493 17536 7ff6058c49f4 17493->17536 17498 7ff6058b1c80 49 API calls 17499 7ff6058b29ff 17498->17499 17566 7ff6058b2620 17499->17566 17502 7ff6058bc5c0 _log10_special 8 API calls 17503 7ff6058b2a31 17502->17503 17503->16852 17505 7ff6058c0189 17504->17505 17506 7ff6058b1b89 17504->17506 17507 7ff6058c4f78 memcpy_s 11 API calls 17505->17507 17506->16851 17506->16852 17508 7ff6058c018e 17507->17508 17509 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17508->17509 17509->17506 17511 7ff6058c053e 17510->17511 17512 7ff6058c04fe 17510->17512 17511->17512 17513 7ff6058c054a 17511->17513 17514 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17512->17514 17521 7ff6058c54dc EnterCriticalSection 17513->17521 17517 7ff6058c0525 17514->17517 17517->17485 17523 7ff6058b1a20 17522->17523 17524 7ff6058c0456 17522->17524 17523->16821 17523->16822 17524->17523 17525 7ff6058c0465 __scrt_get_show_window_mode 17524->17525 17526 7ff6058c04a2 17524->17526 17529 7ff6058c4f78 memcpy_s 11 API calls 17525->17529 17535 7ff6058c54dc EnterCriticalSection 17526->17535 17531 7ff6058c047a 17529->17531 17532 7ff6058ca950 _invalid_parameter_noinfo 37 API calls 17531->17532 17532->17523 17537 7ff6058c4a4e 17536->17537 17538 7ff6058c4a73 17537->17538 17540 7ff6058c4aaf 17537->17540 17539 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 
17538->17539 17542 7ff6058c4a9d 17539->17542 17575 7ff6058c2c80 17540->17575 17544 7ff6058bc5c0 _log10_special 8 API calls 17542->17544 17543 7ff6058c4b8c 17545 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17543->17545 17547 7ff6058b29c3 17544->17547 17545->17542 17554 7ff6058c51d0 17547->17554 17548 7ff6058c4bb0 17548->17543 17549 7ff6058c4bba 17548->17549 17552 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17549->17552 17550 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17550->17542 17551 7ff6058c4b58 17551->17543 17553 7ff6058c4b61 17551->17553 17552->17542 17553->17550 17555 7ff6058cb338 memcpy_s 11 API calls 17554->17555 17556 7ff6058c51e7 17555->17556 17557 7ff6058b29e5 17556->17557 17558 7ff6058cec08 memcpy_s 11 API calls 17556->17558 17561 7ff6058c5227 17556->17561 17557->17498 17559 7ff6058c521c 17558->17559 17560 7ff6058ca9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17559->17560 17560->17561 17561->17557 17713 7ff6058cec90 17561->17713 17564 7ff6058ca970 _isindst 17 API calls 17565 7ff6058c526c 17564->17565 17567 7ff6058b262f 17566->17567 17568 7ff6058b9400 2 API calls 17567->17568 17569 7ff6058b2660 17568->17569 17570 7ff6058b266f MessageBoxW 17569->17570 17571 7ff6058b2683 MessageBoxA 17569->17571 17572 7ff6058b2690 17570->17572 17571->17572 17573 7ff6058bc5c0 _log10_special 8 API calls 17572->17573 17574 7ff6058b26a0 17573->17574 17574->17502 17576 7ff6058c2cbe 17575->17576 17577 7ff6058c2cae 17575->17577 17578 7ff6058c2cc7 17576->17578 17585 7ff6058c2cf5 17576->17585 17581 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17577->17581 17579 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17578->17579 17580 7ff6058c2ced 17579->17580 17580->17543 17580->17548 17580->17551 17580->17553 17581->17580 17582 7ff6058c4830 45 API calls 17582->17585 17584 7ff6058c2fa4 17587 7ff6058ca884 _invalid_parameter_noinfo 37 API calls 17584->17587 

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                          • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                          • Instruction ID: 7ea93715575cc0d860c363d0aa27203ce49dcaf60dd44e7354de46335901ca81
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7D18532A08A9286FB109F34E854AAD37A4FF84F59F644236DE5D83A94DF3CD945CB10

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                          • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                          • Opcode ID: 7c6149c83ec295aa3824364e4806b56b50599473bc5d4fd4de40d1ca8c577362
                                                                                                                                                                                                                                          • Instruction ID: 1d2d181ac6d6ab24e7e4c319cb1ad28d5e67ff1786bb00689cbf4bbc4e5df2b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c6149c83ec295aa3824364e4806b56b50599473bc5d4fd4de40d1ca8c577362
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F32AF21A0C6A291FB15FB21D455BB967A9AF44F80FA44832DE5DC32D6EF2CED58C310

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5CB5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058D5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058D561C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: GetLastError.KERNEL32(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9D8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6058CA94F,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CA979
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6058CA94F,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CA99E
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5CA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058D5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058D567C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F1A
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F2B
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F3C
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6058D617C), ref: 00007FF6058D5F63
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                          • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                          • Instruction ID: aea3efa3b9e961788d8370085cc276df06fde50c9c0fc1fc9d76943951a96e33
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00D1B232A0826246E724AF26D4419B967A1FF48F94F648537EE4DC7A85EF3CEC418750

[Control-flow Graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                                          • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                          • Instruction ID: 7f04cfa19fc558a1d87f6a05cde6825cea2615c0a95239ef699ab38f248f6e94
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8C1C136B28A6585EB10CF65C490AAC37A1F749FA8F215236DE2E977D4DF38D851C310

[Control-flow Graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F1A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058D5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058D567C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F2B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058D5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058D561C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6058D5F3C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058D5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058D564C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: GetLastError.KERNEL32(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9D8
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6058D617C), ref: 00007FF6058D5F63
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                          • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                          • Instruction ID: d508960c3fb9abbf11ecb285b45a0fc9866e2ecb469dce473791e38ef5d14254
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE515632A1866286E710DF26E4819B967A0FF48F84F644537DE4DC7A96DF3CEC418750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                          • Instruction ID: 3195138e31847d25bb449d56df2700366ea0a2fb9b500260db9b2acbfdc3f3a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AF06822A1875287FB609B60B459B6A7394BB88B64F145335DE6D426D4DF3CE8498A00

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B7F80: _fread_nolock.LIBCMT ref: 00007FF6058B802A
                                                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF6058B1A1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6058B1B6A), ref: 00007FF6058B295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                          • Opcode ID: 71146916c0c9099706f714157d3aef073617a07ebfbf74c53cf41f504c15e58d
                                                                                                                                                                                                                                          • Instruction ID: f1a91e9918d5ae8c24b159f2d9e347d7653b53925efa363bfa1d1ef6ffa3a397
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71146916c0c9099706f714157d3aef073617a07ebfbf74c53cf41f504c15e58d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B081C271A086A685FB20EB24D069EB923A4EF44F84F604532DD8DCB795DF3CE985CB50

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                          • Opcode ID: 09250c35733c7288d494a8b559120a17bced8e02cc052d24a1c7d21c225d71f9
                                                                                                                                                                                                                                          • Instruction ID: 4476a70701b0f6c85c961c9beba4feccfcb69fe9a4423dc1f1be583ff9c56bb1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09250c35733c7288d494a8b559120a17bced8e02cc052d24a1c7d21c225d71f9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B51B021F08A6792FA10AB119425DBA63A4BF44F94F644532EE0C8B7D6EF3CED55C740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF6058B3CBB), ref: 00007FF6058B88F4
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6058B3CBB), ref: 00007FF6058B88FA
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6058B3CBB), ref: 00007FF6058B893C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8A20: GetEnvironmentVariableW.KERNEL32(00007FF6058B388E), ref: 00007FF6058B8A57
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6058B8A79
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058C82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058C82C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2810: MessageBoxW.USER32 ref: 00007FF6058B28EA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                          • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                          • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                          • Instruction ID: 9bc49b19e792a4cc9d31c37e451bd285a8e732af7a8adc862f067d488fc56143
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A741C511A1966241FE20FB65A856AFA1399AF89FC0F604531ED0DC77DADE3CED05CB00

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                          • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                          • Instruction ID: 74e16aef27c60c84b235ab08d7beb0def07c0831dacdad23b74bee76bd201abe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF512522A0866286FA60EB11A420BBA6795FF85F94F644235ED4DCB7D5EF3CEC41C700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF6058B3804), ref: 00007FF6058B36E1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B3804), ref: 00007FF6058B36EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2C9E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2D63
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: MessageBoxW.USER32 ref: 00007FF6058B2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                          • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                          • Instruction ID: 8c6376224d279ece711e840e829ff5fa5ab5926e0f5191cf2a0c5bd59491dedc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6721B861F1C66381FA20A720E815BB62398BF48F55F604636DE5EC25D5EF2CED04C704

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                                          • Instruction ID: e56336a5a096ee912e23782d3ad63c93b0eafe0467255d7e6c4f2917c79a7556
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66C1E722A0CEA641E7609B159442ABD7FA0EF81F81FB54A31EE4E87791CF7CEC558710

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                                                                                                          • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                          • Instruction ID: a6054b500e842b0f5aac4a55a8ed6896ebe89b475b38244668498b96f6698eb5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF216231E0C65242EB10AB55F454A3EA7A8FF85BA1F204235EE6D83AE4DF7CDC448B00

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: GetCurrentProcess.KERNEL32 ref: 00007FF6058B8780
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: OpenProcessToken.ADVAPI32 ref: 00007FF6058B8793
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: GetTokenInformation.KERNELBASE ref: 00007FF6058B87B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: GetLastError.KERNEL32 ref: 00007FF6058B87C2
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: GetTokenInformation.KERNELBASE ref: 00007FF6058B8802
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6058B881E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B8760: CloseHandle.KERNEL32 ref: 00007FF6058B8836
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF6058B3C55), ref: 00007FF6058B916C
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF6058B3C55), ref: 00007FF6058B9175
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6058B352C,?,00000000,00007FF6058B3F23), ref: 00007FF6058B7F22
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6058CCFBB), ref: 00007FF6058CD0EC
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6058CCFBB), ref: 00007FF6058CD177
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction ID: 66b92e3e7e41c72f1fa28cf001f490202278491a99e8fcfed8da1695ce5ac54f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B316D24E4917791FA54BB24D422BB92B959F45F84F784435DD4EC72D3DE2DBC05C210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                                                          • Instruction ID: ff9aa124da6ea3585927928471bedbf6d1259e906e8efecb892a1a29d6891c4e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7751E321B09662C6EA29DA759408E7E6A91AF44FE4F344B35EE6D877C5CF3CEC018600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction ID: 1a50a2934c85bba99ff43632cfa548ad0cef9fab2e81afb9c23dce78337a875b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5112361B18AA181DA108B26B8044696761FB45FF0F744732EE7E8B7E8CF3CD8118700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6058C58A9), ref: 00007FF6058C59C7
                                                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6058C58A9), ref: 00007FF6058C59DD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                                                          • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                                                          • Instruction ID: a7f7f4ddf8728788ae029e87b8de4305f4a48863a6e1fe6080879ada2645842d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4711823261C62282EA544B51A44193ABBA0FB84B61F600736EE9DC5AD8EF3CE814DF00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9CE
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9D8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                          • Instruction ID: 55d28f5b58712d62d18cd054e36e8c015ff12c7c788ef72553d5f5e33de2a7c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6E08610F0861643FF085BB2585693C1A916F88F42F254935CC1DC62A1DF3C6C858710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF6058CAA45,?,?,00000000,00007FF6058CAAFA), ref: 00007FF6058CAC36
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058CAA45,?,?,00000000,00007FF6058CAAFA), ref: 00007FF6058CAC40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                          • Instruction ID: 5c4aab057678ecafcef8f4f4f256a134aa56a6d0912d6b0b0d5cdf0952d86d7e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3001C861A08761C0EA04DF52990186EAA91BF85FE4F284B71EE5C97BD6CF3CE9014300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF6058CB39A,?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA), ref: 00007FF6058CEC5D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                          • Instruction ID: b50250b1aad8558b2e1c0228e61b9b4ad72023567b0b01414f8607092513f1c5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36F09040B6932741FE5A5B6258A1BB50A885F88F80F7C5E31CD0EC63D1DF3CEC808220
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF6058C0D00,?,?,?,00007FF6058C236A,?,?,?,?,?,00007FF6058C3B59), ref: 00007FF6058CD6AA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                          • Instruction ID: d5564aaa478b89040d155f5dfbaaa5c6cd008f69d24bc232a2a3ea58281e36f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F05800B0A3A655FE6477615811E786A904F94FA0F280B30DC2EC53D2DF3CAC80D660
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                          • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                          • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                                                          • Instruction ID: 6315ac481c95b9491f9fb52f37489eb62924f9d54a43b69adda3217fd80bbb42
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3502B120A8EB27D1FA54AB55A814DB423A5EF48F55F755036CC2EC62A0EF3CBD48C720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                          • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                          • Instruction ID: acbcd9f539ecd9e20707de361578b6878a8485666cdf38315b88fd13e16e27ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6B2D672A182A28BEB648E65D440FFD37E1FB54B88F605136DE0D97A94DF78AD00CB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B841B
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B849E
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B84BD
                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B84CB
                                                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B84DC
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF6058B8B09,00007FF6058B3FA5), ref: 00007FF6058B84E5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                          • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                          • Instruction ID: bc58a4a0b9fabd09d0ad91e19197853d9295f780b6b3f24c19c5f764af7865d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2414321A0C96295FE20BB64E4489B963A8FB94F54F600636DD5DC36D4DF3CED4A8F01
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                          • API String ID: 0-2665694366
                                                                                                                                                                                                                                          • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                          • Instruction ID: 76d52a1cb4d9f350a91d19b743e58b022d0a1c223cbb8957ddf6b961bcec54e7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8152D272A146B68BE7A89E14C458F7E3BADFB44741F114139EA9A87780DF39EC44CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                                          • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                          • Instruction ID: dd92538001f192dc7df20142ec37e27e59785670d0cee495bdd0b8325dee5dc3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12316172609B9186EB609F60E8807EE73A4FB84B45F54403ADE4D87B94EF7CD948CB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                          • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                          • Instruction ID: a57bb3346c2804226925fd7c73cd6aa3180889fc0ea71e7d3c138da77407dd3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC319536618F9186EB64DF25E8406AE77A4FB88B54F640636EE8D83B54DF3CC945CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                                          • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                          • Instruction ID: 875e3314d8cf073f09cc5483f01893c77c5a364b43bb0206e97a19d0c5078caf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFB1C522B186A641EA619B61A4089BD63D1EF84FE4F644133EE5D87BC5EF3CEC41C310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                          • Instruction ID: 801f5410acbeb31072bcd03dd7c577e93fa780716a82583cfedeecc77886133c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC115A26B14F168AEB00DF60E8446B933B4FB19B58F140E35DE2D86BA8EF3CD9548340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                                                          • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                          • Instruction ID: 2880ab16ca3a673124fc1e6ec9aad3c726a0e29391c4600993d5e6feb9f480ba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCC1D472B1869A87DB248F19A044A6AB7E1F794B84F558136DF4E83B94DF3DEC01CB40
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                          • API String ID: 0-1127688429
                                                                                                                                                                                                                                          • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                                                          • Instruction ID: 8d3688fd8f051ef486284834c19122dde983b24a88bfd96c5ca4c8363c9e5f6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30F16162A183E58BF7A9AB158088E3E3BADEF45B40F254538DE5986791CF38ED41C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                                                          • Opcode ID: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                                                          • Instruction ID: 3e1636c0db68fb2d166f356a873327deb410b22ebc32cce9e341722217259a88
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CBB14873A04B998AEB15CF29C8867683BE0F784F48F258922DE5D837A4CF39D851C710
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                                                          • Opcode ID: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                                                          • Instruction ID: 010a68987be6ee8ed326fc5f3a688a6e6a0f815b9cf3ca7e9b2e8cac778d665d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64E19E32A0866686EB688A29905097D3BA0FB45F48F348F35DE4E87794DF39EC52C700
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                          • API String ID: 0-900081337
                                                                                                                                                                                                                                          • Opcode ID: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                                                          • Instruction ID: b1d9968e498ac9f635fdd09012006528071e013a66c7c4ee08dd4852ee825056
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C917572A182E687F7A99A14D488F3E3AADFB44754F214139DE5A86780DF3CED40CB40
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                                                                          • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                          • Instruction ID: e4543d5b039336880a8e1cf4cff589786c8399799861d732415b870dadb5d57a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07518962B182E546E7258E35D800B696B95F744F94F58C732CF988BAC1CF3DE840C700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                                                                          • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                          • Instruction ID: d842baa92d93306e1e086647639db171b334c0a6731e97446f388acfbae47f9a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B029021B1D66681FA65AB11A809E7D27D0AF45F90F754636DD6DCB3D2EF3CAC018320
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                                                          • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                          • Instruction ID: c5f6452b1b75251c57854175ef8b60c8cf341ba2955b93f5a9e01342bf93fe1b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA14562A0A7D586EB21DF25A400BB97B90EB61B84F248632DF8D87785DF3DE901C301
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                          • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                          • Instruction ID: bc598646f2ae4335ba5c7e5dc7f2dea8e838340b4b4162891b24812ba546f741
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C51E511F5822741FA68EB265902D7A5A90AF44FC4F784A35DE0EC7BD6EF3CEC068600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                          • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                          • Instruction ID: 3ca86f9a68ca2cd66c27461e0307c793f66a2e444ef36888d3fd02e0cc225726
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30B09220E07A12C2EA082B216C82A1823A57F48B02FA90139C80C80330DE3C28E55B10
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                          • Instruction ID: 159634332cbc5542aa42bfb43529f168b9b61e4cbc6975f055e6c49b88047b40
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFD1D462A0866286EB68CE298151A7D2BA0FB45F48F348F35CE4D87795DF3DEC46C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                          • Instruction ID: e378f6c524ddbd2e5179e0bf136ee6eb2b1dfcf0219ee34187f271cdc10c903b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99C18E762181E08BE28AEB29E47947A73E1F78930DB95406BEF87477C5CB3CA514DB10
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 0ac6b4c320f8a85a272a2d207e476957e076465a5e78eda0eae0a584ad6410a5
                                                                                                                                                                                                                                          • Instruction ID: 12cfc81571402cfc5adede6a164f25053c672e8d5502676dde6a1c7fc714fb81
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ac6b4c320f8a85a272a2d207e476957e076465a5e78eda0eae0a584ad6410a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2961D722E0C5BA46F764892A9454A7D67D0AF41BA0F38423ADE1DC66D5FF7EEC408B10
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                          • Instruction ID: 52af2daf16a780c82a160ecb0bc75d290ff16a626796328940e3b4e6875c0e16
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32518C36A1466185E7648B19D0946383BA1EB45F58F344731DE8DD7796CF3AEC43C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                          • Instruction ID: c9c65b82185ce572e2b00c09f4b6f40d5575461467d362c23485e17a82423b66
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251447AA1866185E7648B29C044A397BA0EB54F68F344731DE8E977E4CF3AEC53C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                          • Instruction ID: 247af8407ae1fec54ec573e372131de949910dac0db9f77b4df9d6a7c3bd43bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38517676B1876186E7248B29D0886393BA0EB85F58F344631CE4D97796DF3AEC53CB40
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                          • Instruction ID: a57caa0fb6aa697eac168385528738b1ec253ff3635c952843e9d2b6e9219ddd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1410732714A6982EF08CF2ADA149A9B7A1FB48FD0B199536DE0DD7B58DF3CD9418300
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                          • Instruction ID: 9f453761e8400af1130bf0649ede7b46f000711d2955671d2732691d4c0fa889
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F331F232B18B5282E7649B21A84453E6AD5AB84FD0F244739EE9E93BD5DF3CD8028704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5830
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5842
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5879
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B588B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B58A4
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B58B6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B58CF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B58E1
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B58FD
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B590F
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B592B
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B593D
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5959
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B596B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5987
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B5999
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B59B5
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B64BF,?,00007FF6058B336E), ref: 00007FF6058B59C7
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                          • API String ID: 199729137-653951865
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6058B45E4,00000000,00007FF6058B1985), ref: 00007FF6058B9439
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6058B88A7,?,?,00000000,00007FF6058B3CBB), ref: 00007FF6058B821C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2810: MessageBoxW.USER32 ref: 00007FF6058B28EA
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                          • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF6058CF11A,?,?,0000018AD80A6BD8,00007FF6058CADC3,?,?,?,00007FF6058CACBA,?,?,?,00007FF6058C5FAE), ref: 00007FF6058CEEFC
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6058CF11A,?,?,0000018AD80A6BD8,00007FF6058CADC3,?,?,?,00007FF6058CACBA,?,?,?,00007FF6058C5FAE), ref: 00007FF6058CEF08
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2C9E
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2D63
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF6058B2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF6058BDFEA,?,?,?,00007FF6058BDCDC,?,?,?,00007FF6058BD8D9), ref: 00007FF6058BDDBD
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058BDFEA,?,?,?,00007FF6058BDCDC,?,?,?,00007FF6058BD8D9), ref: 00007FF6058BDDCB
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF6058BDFEA,?,?,?,00007FF6058BDCDC,?,?,?,00007FF6058BD8D9), ref: 00007FF6058BDDF5
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF6058BDFEA,?,?,?,00007FF6058BDCDC,?,?,?,00007FF6058BD8D9), ref: 00007FF6058BDE63
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6058BDFEA,?,?,?,00007FF6058BDCDC,?,?,?,00007FF6058BD8D9), ref: 00007FF6058BDE6F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6058B351A,?,00000000,00007FF6058B3F23), ref: 00007FF6058B2AA0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                          • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF6058B9216), ref: 00007FF6058B8592
                                                                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6058B9216), ref: 00007FF6058B85E9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6058B45E4,00000000,00007FF6058B1985), ref: 00007FF6058B9439
                                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6058B9216), ref: 00007FF6058B8678
                                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6058B9216), ref: 00007FF6058B86E4
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF6058B9216), ref: 00007FF6058B86F5
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF6058B9216), ref: 00007FF6058B870A
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB347
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB37D
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB3AA
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB3BB
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB3CC
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF6058C4F81,?,?,?,?,00007FF6058CA4FA,?,?,?,?,00007FF6058C71FF), ref: 00007FF6058CB3E7
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6058B1B6A), ref: 00007FF6058B295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6058B918F,?,00007FF6058B3C55), ref: 00007FF6058B2BA0
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF6058B2C2A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6058B1B99), ref: 00007FF6058B2760
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF6058CA613,?,?,00000000,00007FF6058CA8AE,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CB41F
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058CA613,?,?,00000000,00007FF6058CA8AE,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CB43E
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058CA613,?,?,00000000,00007FF6058CA8AE,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CB466
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058CA613,?,?,00000000,00007FF6058CA8AE,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CB477
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6058CA613,?,?,00000000,00007FF6058CA8AE,?,?,?,?,?,00007FF6058CA83A), ref: 00007FF6058CB488
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                          • Instruction ID: 9d0c0ce0ee420d468ba4aac6e6c52d50949430a26432e06d03a8c6902f8ba23a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A119320F0CA2242FA58A321695297969565F44FB1FB48B34ED7DCA6D6DF3CFC418301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                                          • Instruction ID: 5226f161abffff6cce8318aa41783157a45b3ea9ce42e7a1325d2119f588c240
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8111FA20E09A2746F96862755852D7E19964F45F72FB44F34DD3ECA2D2EF3CBC414202
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                          • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                          • Instruction ID: dad4468778d80d9419f8d9083732ee4609742c6ac214ed57b63960d7cffc0ef1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5191DD32A08A6681FB619E2AD450B7D3B91AB40F94F644B36DE4E873D5EF3CEC058300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                          • Instruction ID: 47d0443277e9a1b314d84a486b952186e9f45c30b021f350096fb9b8239cb89c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D81C132E0826385F7644F259110A783EA2AF12F88F759A35DF49DB689DF3DED019701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                          • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                                                          • Instruction ID: 356f3d896dfb55b6ac20c5155e5dd706fbf091ad2cc272646bf507a44c5db5fb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C751B032B1A622AAEB14AB15D444F783799EB44F98F208534DE4E83744EF3CEC41C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6058C90B6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058CA9B8: GetLastError.KERNEL32(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9D8
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6058BCC15), ref: 00007FF6058C90D4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2608634532.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000000.00000002.2608606071.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608670419.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608701819.00007FF6058F2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608752062.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                          • API String ID: 3580290477-673502383
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 2595371189-336475711

Control-flow Graph

[Figure: control-flow graph with nodes marked Executed / Not Executed; entry node 0 spans 7ff8e7208380-7ff8e72083b3 (PySys_GetObject). Graph image not preserved.]
Memory Dump Source
• Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
• Associated: 00000002.00000002.2612070972.00007FF8E71F0000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612162426.00007FF8E727F000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612183253.00007FF8E728A000.00000008.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612201977.00007FF8E728B000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_String$Item$ReadyType_$AddressProc$DeallocFrom$D@@@Err_Object_ReferenceU_object@@$HandleModuleModule_$Create2LongLong_$ClearDictEnsure@@ExceptionGlobals_LibraryLoadMaskObjectOccurredSys_Unsigned
                                                                                                                                                                                                                                          • String ID: ACTIVEOBJECT_STRONG$ACTIVEOBJECT_WEAK$ArgNotFound$CLSCTX_ALL$CLSCTX_INPROC$CLSCTX_INPROC_HANDLER$CLSCTX_INPROC_SERVER$CLSCTX_LOCAL_SERVER$CLSCTX_REMOTE_SERVER$CLSCTX_SERVER$COINIT_APARTMENTTHREADED$COINIT_DISABLE_OLE1DDE$COINIT_MULTITHREADED$COINIT_SPEED_OVER_MEMORY$COWAIT_ALERTABLE$COWAIT_WAITALL$CoCreateInstanceEx$CoGetCancelObject$CoGetObjectContext$CoInitializeSecurity$CoWaitForMultipleHandles$CreateURLMonikerEx$DATADIR_GET$DATADIR_SET$DESCKIND_FUNCDESC$DESCKIND_VARDESC$DISPATCH_METHOD$DISPATCH_PROPERTYGET$DISPATCH_PROPERTYPUT$DISPATCH_PROPERTYPUTREF$DISPID_COLLECT$DISPID_CONSTRUCTOR$DISPID_DESTRUCTOR$DISPID_EVALUATE$DISPID_NEWENUM$DISPID_PROPERTYPUT$DISPID_STARTENUM$DISPID_THIS$DISPID_UNKNOWN$DISPID_VALUE$DVASPECT_CONTENT$DVASPECT_DOCPRINT$DVASPECT_ICON$DVASPECT_THUMBNAIL$EOAC_ACCESS_CONTROL$EOAC_ANY_AUTHORITY$EOAC_APPID$EOAC_AUTO_IMPERSONATE$EOAC_DEFAULT$EOAC_DISABLE_AAA$EOAC_DYNAMIC$EOAC_DYNAMIC_CLOAKING$EOAC_MAKE_FULLSIC$EOAC_MUTUAL_AUTH$EOAC_NONE$EOAC_NO_CUSTOM_MARSHAL$EOAC_REQUIRE_FULLSIC$EOAC_SECURE_REFS$EOAC_STATIC_CLOAKING$EXTCONN_CALLABLE$EXTCONN_STRONG$EXTCONN_WEAK$Empty$FMTID_DocSummaryInformation$FMTID_SummaryInformation$FMTID_UserDefinedProperties$FUNCFLAG_FBINDABLE$FUNCFLAG_FDEFAULTBIND$FUNCFLAG_FDISPLAYBIND$FUNCFLAG_FHIDDEN$FUNCFLAG_FREQUESTEDIT$FUNCFLAG_FRESTRICTED$FUNCFLAG_FSOURCE$FUNCFLAG_FUSESGETLASTERROR$FUNC_DISPATCH$FUNC_NONVIRTUAL$FUNC_PUREVIRTUAL$FUNC_STATIC$FUNC_VIRTUAL$IDLFLAG_FIN$IDLFLAG_FLCID$IDLFLAG_FOUT$IDLFLAG_FRETVAL$IDLFLAG_NONE$IMPLTYPEFLAG_FDEFAULT$IMPLTYPEFLAG_FRESTRICTED$IMPLTYPEFLAG_FSOURCE$INVOKE_FUNC$INVOKE_PROPERTYGET$INVOKE_PROPERTYPUT$INVOKE_PROPERTYPUTREF$InterfaceNames$MKSYS_ANTIMONIKER$MKSYS_CLASSMONIKER$MKSYS_FILEMONIKER$MKSYS_GENERICCOMPOSITE$MKSYS_ITEMMONIKER$MKSYS_NONE$
MKSYS_POINTERMONIKER$MSHCTX_DIFFERENTMACHINE$MSHCTX_INPROC$MSHCTX_LOCAL$MSHCTX_NOSHAREDMEM$MSHLFLAGS_NOPING$MSHLFLAGS_NORMAL$MSHLFLAGS_TABLESTRONG$MSHLFLAGS_TABLEWEAK$Missing$Nothing$PARAMFLAG_FHASDEFAULT$PARAMFLAG_FIN$PARAMFLAG_FLCID$PARAMFLAG_FOPT$PARAMFLAG_FOUT$PARAMFLAG_FRETVAL$PARAMFLAG_NONE$REGCLS_MULTIPLEUSE$REGCLS_MULTI_SEPARATE$REGCLS_SINGLEUSE$REGCLS_SUSPENDED$ROTFLAGS_ALLOWANYCLIENT$ROTFLAGS_REGISTRATIONKEEPSALIVE$RPC_C_AUTHN_DCE_PRIVATE$RPC_C_AUTHN_DCE_PUBLIC$RPC_C_AUTHN_DEC_PUBLIC$RPC_C_AUTHN_DEFAULT$RPC_C_AUTHN_DPA$RPC_C_AUTHN_GSS_KERBEROS$RPC_C_AUTHN_GSS_NEGOTIATE$RPC_C_AUTHN_GSS_SCHANNEL$RPC_C_AUTHN_LEVEL_CALL$RPC_C_AUTHN_LEVEL_CONNECT$RPC_C_AUTHN_LEVEL_DEFAULT$RPC_C_AUTHN_LEVEL_NONE$RPC_C_AUTHN_LEVEL_PKT$RPC_C_AUTHN_LEVEL_PKT_INTEGRITY$RPC_C_AUTHN_LEVEL_PKT_PRIVACY$RPC_C_AUTHN_MQ$RPC_C_AUTHN_MSN$RPC_C_AUTHN_NONE$RPC_C_AUTHN_WINNT$RPC_C_AUTHZ_DCE$RPC_C_AUTHZ_DEFAULT$RPC_C_AUTHZ_NAME$RPC_C_AUTHZ_NONE$RPC_C_IMP_LEVEL_ANONYMOUS$RPC_C_IMP_LEVEL_DEFAULT$RPC_C_IMP_LEVEL_DELEGATE$RPC_C_IMP_LEVEL_IDENTIFY$RPC_C_IMP_LEVEL_IMPERSONATE$STDOLE2_LCID$STDOLE2_MAJORVERNUM$STDOLE2_MINORVERNUM$STDOLE_LCID$STDOLE_MAJORVERNUM$STDOLE_MINORVERNUM$STREAM_SEEK_CUR$STREAM_SEEK_END$STREAM_SEEK_SET$SYS_MAC$SYS_WIN16$SYS_WIN32$ServerInterfaces$TKIND_ALIAS$TKIND_COCLASS$TKIND_DISPATCH$TKIND_ENUM$TKIND_INTERFACE$TKIND_MODULE$TKIND_RECORD$TKIND_UNION$TYMED_ENHMF$TYMED_FILE$TYMED_GDI$TYMED_HGLOBAL$TYMED_ISTORAGE$TYMED_ISTREAM$TYMED_MFPICT$TYMED_NULL$TYPEFLAG_FAGGREGATABLE$TYPEFLAG_FAPPOBJECT$TYPEFLAG_FCANCREATE$TYPEFLAG_FCONTROL$TYPEFLAG_FDISPATCHABLE$TYPEFLAG_FDUAL$TYPEFLAG_FHIDDEN$TYPEFLAG_FLICENSED$TYPEFLAG_FNONEXTENSIBLE$TYPEFLAG_FOLEAUTOMATION$TYPEFLAG_FPREDECLID$TYPEFLAG_FREPLACEABLE$TYPEFLAG_FRESTRICTED$TYPEFLAG_FREVERSEBIND$TypeIIDs$URL_MK_LEGACY$URL_MK_UNIFORM$VARFLAG_FREADONLY$VAR_CONST$VAR_DISPATCH$VAR_PERINSTANCE$VAR_STATIC$VT_ARRAY$VT_BLOB$VT_BLOB_OBJECT$VT_BOOL$VT_BSTR$VT_BSTR_BLOB$VT_BYREF$VT_CARRAY$VT_CF$VT_CLSID$VT_CY$VT_DATE$VT_DECIMAL$VT_DISPATCH$VT_EMPTY$VT_ERROR$VT_FILETIME$VT_HRESULT$VT_I1$VT_I2$VT_I4$VT_I8$VT_ILLEGAL$VT_ILLEGALMASKED$VT_INT$VT_LPSTR$VT_LPWSTR$VT_NULL$VT_PTR$VT_R4$VT_R8$VT_RECORD$VT_RESERVED$VT_SAFEARRAY$VT_STORAGE$VT_STORED_OBJECT$VT_STREAM$VT_STREAMED_OBJECT$VT_TYPEMASK$VT_UI1$VT_UI2$VT_UI4$VT_UI8$VT_UINT$VT_UNKNOWN$VT_USERDEFINED$VT_VARIANT$VT_VECTOR$VT_VOID$_univgw$can't define ole_error$coinit_flags$com_error$dcom$error$fdexNameCaseInsensitive$fdexNameCaseSensitive$fdexNameEnsure$fdexNameImplicit$fdexPropCanCall$fdexPropCanConstruct$fdexPropCanGet$fdexPropCanPut$fdexPropCanPutRef$fdexPropCanSourceEvents$fdexPropCannotCall$fdexPropCannotConstruct$fdexPropCannotGet$fdexPropCannotPut$fdexPropCannotPutRef$fdexPropCannotSourceEvents$fdexPropDynamicType$fdexPropNoSideEffects$frozen$internal_error$ole32.dll$ole_error$pythoncom.internal_error$urlmon.dll
                                                                                                                                                                                                                                          • API String ID: 1000972437-3953899047
                                                                                                                                                                                                                                          • Opcode ID: d961c77e9954e61468a8e5a196bcd22920ae6a88ca7d64bfb3fdc26b38982787
                                                                                                                                                                                                                                          • Instruction ID: c8e8f18f9468ba819db7d510c1d1ed88607b0cddd7a3c700fa65cb76845ca579
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d961c77e9954e61468a8e5a196bcd22920ae6a88ca7d64bfb3fdc26b38982787
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDD2F964B18B5350FA18AB96E8613BE1311AF86BC0F846435D82F07796DFBDE284C753

                                                                                                                                                                                                                                          Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.2611989528.00007FF8E71C1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8E71C0000, based on PE: true
• Associated: 00000002.00000002.2611970927.00007FF8E71C0000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2612011855.00007FF8E71D3000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2612031954.00007FF8E71DE000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2612051118.00007FF8E71E1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71c0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$Constant$AddressProc$Dict_ItemString$HandleLibraryLoadModule$FromLongLong_$CallerCreate2DictEnsure@@Globals_ReadyType_
                                                                                                                                                                                                                                          • String ID: Advapi32.dll$ChangeDisplaySettingsExW$EnumDisplayDevicesW$EnumDisplayMonitors$EnumDisplaySettingsExW$GetComputerNameExW$GetComputerObjectNameW$GetDllDirectoryW$GetHandleInformation$GetLastInputInfo$GetLongPathNameA$GetLongPathNameW$GetMonitorInfoW$GetNativeSystemInfo$GetSystemFileCacheSize$GetUserNameExW$GlobalMemoryStatusEx$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$NameCanonical$NameCanonicalEx$NameDisplay$NameFullyQualifiedDN$NameSamCompatible$NameServicePrincipal$NameUniqueId$NameUnknown$NameUserPrincipal$PyDISPLAY_DEVICEType$REG_NOTIFY_CHANGE_ATTRIBUTES$REG_NOTIFY_CHANGE_LAST_SET$REG_NOTIFY_CHANGE_NAME$REG_NOTIFY_CHANGE_SECURITY$RegCopyTreeW$RegCreateKeyTransactedW$RegDeleteKeyExW$RegDeleteKeyTransactedW$RegDeleteTreeW$RegOpenCurrentUser$RegOpenKeyTransactedW$RegOverridePredefKey$RegRestoreKeyW$RegSaveKeyExW$STD_ERROR_HANDLE$STD_INPUT_HANDLE$STD_OUTPUT_HANDLE$SetDllDirectoryW$SetHandleInformation$SetSystemFileCacheSize$SetSystemPowerState$VFT_APP$VFT_DLL$VFT_DRV$VFT_FONT$VFT_STATIC_LIB$VFT_UNKNOWN$VFT_VXD$VOS_DOS$VOS_DOS_WINDOWS16$VOS_DOS_WINDOWS32$VOS_NT$VOS_NT_WINDOWS32$VOS_OS216$VOS_OS216_PM16$VOS_OS232$VOS_OS232_PM32$VOS_UNKNOWN$VOS__PM16$VOS__PM32$VOS__WINDOWS16$VOS__WINDOWS32$VS_FF_DEBUG$VS_FF_INFOINFERRED$VS_FF_PATCHED$VS_FF_PRERELEASE$VS_FF_PRIVATEBUILD$VS_FF_SPECIALBUILD$error$kernel32.dll$secur32.dll$user32.dll
                                                                                                                                                                                                                                          • API String ID: 1655756704-685172649
                                                                                                                                                                                                                                          • Opcode ID: 63a8f0004610e5ca5fe4d8dfd7281fc188e588c0d7d7bbcec55101f3f079b9f9
                                                                                                                                                                                                                                          • Instruction ID: a35f8f460040b5afb95c383a2ac19353a8f05f0abe4562f81059a49e43b68cd8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63a8f0004610e5ca5fe4d8dfd7281fc188e588c0d7d7bbcec55101f3f079b9f9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1522C3B4A08B43E1EA049B95F95437C23A1FF49BC2F845635CA2E47764EF7CA149CB42

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
Memory Dump Source
• Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
• Associated: 00000002.00000002.2612070972.00007FF8E71F0000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612162426.00007FF8E727F000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612183253.00007FF8E728A000.00000008.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612201977.00007FF8E728B000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Eval_Thread$Err_$RestoreSave$DeallocFreeStringU_object@@$ClearD@@@Dict_FromItemParseSizeSubclass$Arg_BindBuildCreateDisplayFormatInstanceNameTuple_Value_
                                                                                                                                                                                                                                          • String ID: NiN$O|O:MkParseDisplayName$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                          • API String ID: 3532411319-838830991
                                                                                                                                                                                                                                          • Opcode ID: bb6aa4374760edcefa6f4dbb649bcc56dc625ca2e3796d779796c1e0a02acc93
                                                                                                                                                                                                                                          • Instruction ID: 93eddaaacb990dae5de10202eb6ca64862fee5a06ce98511f6c5f07039653956
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb6aa4374760edcefa6f4dbb649bcc56dc625ca2e3796d779796c1e0a02acc93
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3B12821A09A5286FB159FA9E8443BC23A0FF49BC4F44903ACD2F57765EF3CE4858312

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
1040->1008 1045 7ff6058b3e67-7ff6058b3e83 call 7ff6058b6db0 call 7ff6058b7330 1040->1045 1041->1045 1046 7ff6058b3e5a 1041->1046 1042->1043 1081 7ff6058b3fe9-7ff6058b3ff7 call 7ff6058b1900 1043->1081 1082 7ff6058b3fa9-7ff6058b3fb3 call 7ff6058b9200 1043->1082 1060 7ff6058b3e8e-7ff6058b3e95 1045->1060 1061 7ff6058b3e85-7ff6058b3e8c 1045->1061 1046->1008 1064 7ff6058b3eaf-7ff6058b3eb9 call 7ff6058b71a0 1060->1064 1065 7ff6058b3e97-7ff6058b3ea4 call 7ff6058b6df0 1060->1065 1063 7ff6058b3edb-7ff6058b3ef0 call 7ff6058b2a50 call 7ff6058b6fb0 call 7ff6058b6d60 1061->1063 1063->1008 1075 7ff6058b3ec4-7ff6058b3ed2 call 7ff6058b74e0 1064->1075 1076 7ff6058b3ebb-7ff6058b3ec2 1064->1076 1065->1064 1079 7ff6058b3ea6-7ff6058b3ead 1065->1079 1075->1008 1089 7ff6058b3ed4 1075->1089 1076->1063 1079->1063 1081->996 1082->1081 1092 7ff6058b3fb5-7ff6058b3fca 1082->1092 1089->1063 1093 7ff6058b3fe4 call 7ff6058b2a50 1092->1093 1094 7ff6058b3fcc-7ff6058b3fdf call 7ff6058b2710 call 7ff6058b1900 1092->1094 1093->1081 1094->996
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$LongLong_$Object_Size$ClearDeallocFormatOccurredString
                                                                                                                                                                                                                                          • String ID: Allocating ArgHelpers array$The Python object is invalid$The array of argument types must be a tuple whose size is <= to the number of arguments.$The return type information could not be parsed$not enough arguments (at least 5 needed)$value
                                                                                                                                                                                                                                          • API String ID: 2033694642-4244552354

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Err_LongLong_RestoreSave$Clear$ErrorFormatInfoObject_OccurredSizeStringVariant
                                                                                                                                                                                                                                          • String ID: The Python object is invalid$not enough arguments (at least 4 needed)
                                                                                                                                                                                                                                          • API String ID: 3932892490-3105778763

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyEval_SaveThread.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF8E723F505), ref: 00007FF8E723F5D6
                                                                                                                                                                                                                                          • LHashValOfNameSys.OLEAUT32 ref: 00007FF8E723F5EC
                                                                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF8E723F505), ref: 00007FF8E723F62C
                                                                                                                                                                                                                                          • PyTuple_New.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF8E723F505), ref: 00007FF8E723F694
                                                                                                                                                                                                                                          • PyTuple_New.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF8E723F505), ref: 00007FF8E723F827
                                                                                                                                                                                                                                          • PyLong_FromLong.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF8E723F505), ref: 00007FF8E723F839
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_SaveThread.PYTHON311 ref: 00007FF8E71F4C55
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_RestoreThread.PYTHON311 ref: 00007FF8E71F4C98
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_SaveThread.PYTHON311 ref: 00007FF8E71F4CA6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: GetErrorInfo.OLEAUT32 ref: 00007FF8E71F4CB6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_RestoreThread.PYTHON311 ref: 00007FF8E71F4CC1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_SaveThread.PYTHON311 ref: 00007FF8E71F4CE4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_RestoreThread.PYTHON311 ref: 00007FF8E71F4D01
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_SaveThread.PYTHON311 ref: 00007FF8E71F4D32
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_RestoreThread.PYTHON311 ref: 00007FF8E71F4D4F
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_SaveThread.PYTHON311 ref: 00007FF8E71F4D81
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E71F4C10: PyEval_RestoreThread.PYTHON311 ref: 00007FF8E71F4D9E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • There is no interface object registered that supports this IID, xrefs: 00007FF8E723F74D
                                                                                                                                                                                                                                          • The type does not declare a PyCom constructor, xrefs: 00007FF8E723F78F
                                                                                                                                                                                                                                          • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FF8E723F77A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612070972.00007FF8E71F0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612162426.00007FF8E727F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612183253.00007FF8E728A000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612201977.00007FF8E728B000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$RestoreSave$Tuple_$ErrorFromHashInfoLongLong_Name
                                                                                                                                                                                                                                          • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                          • API String ID: 4167696324-49823770
                                                                                                                                                                                                                                          • Opcode ID: 60386126fbd850936beb559b27c63ee8697daa3c8f226d2c976805251551d1eb
                                                                                                                                                                                                                                          • Instruction ID: 07970069cc8d567a6044b9defa2b8740fe051e47310c703ca3091b20b134debc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60386126fbd850936beb559b27c63ee8697daa3c8f226d2c976805251551d1eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE715E22B08A4292EA15ABA9E85437D63A0FF88FC5F544035DA6F47B64EF3CE4448706

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612070972.00007FF8E71F0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612162426.00007FF8E727F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612183253.00007FF8E728A000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612201977.00007FF8E728B000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Err_$RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemObject_ParseSizeTuple_U_object@@
                                                                                                                                                                                                                                          • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|ii:GetTypeInfo
                                                                                                                                                                                                                                          • API String ID: 325624285-1333789200
                                                                                                                                                                                                                                          • Opcode ID: fc4824d094a2ab6e394239e92d306ba573369a9108fa8efce184437843cd5386
                                                                                                                                                                                                                                          • Instruction ID: e0b4f407619682cc9876043766f7c0f143bbd2be5efea20f8c09b192396b251c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc4824d094a2ab6e394239e92d306ba573369a9108fa8efce184437843cd5386
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98513365B1CB4682EA559F99F8402AD63A1FF88BD4F444036DE6E07768EF3CE445C702

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B7F80: _fread_nolock.LIBCMT ref: 00007FF6058B802A
                                                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF6058B1A1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6058B1B6A), ref: 00007FF6058B295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2611131779.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2611179175.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2611202573.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2611202573.00007FF6058F1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2611241715.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                          • Opcode ID: 11092ae5d3052ba6452cd45c37cd662638f4e64129f80c3c6bb932d78e9f91b0
                                                                                                                                                                                                                                          • Instruction ID: f1a91e9918d5ae8c24b159f2d9e347d7653b53925efa363bfa1d1ef6ffa3a397
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11092ae5d3052ba6452cd45c37cd662638f4e64129f80c3c6bb932d78e9f91b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B081C271A086A685FB20EB24D069EB923A4EF44F84F604532DD8DCB795DF3CE985CB50

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612070972.00007FF8E71F0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612131151.00007FF8E724C000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612162426.00007FF8E727F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612183253.00007FF8E728A000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612201977.00007FF8E728B000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612221711.00007FF8E7294000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadTuple_Variant$Arg_ClearDeallocErr_InitParseRestoreSaveSizeString
                                                                                                                                                                                                                                          • String ID: The Python object is invalid$|l:Next
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: GlobalLock@@Win_$AcquireAddressCurrentHandleModuleProcReleaseThread
                                                                                                                                                                                                                                          • String ID: CoInitializeEx$CoInitializeEx failed (0x%08lx)$ole32.dll
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF6058B3804), ref: 00007FF6058B36E1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6058B3804), ref: 00007FF6058B36EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2C9E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6058B3706,?,00007FF6058B3804), ref: 00007FF6058B2D63
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B2C50: MessageBoxW.USER32 ref: 00007FF6058B2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bstr@@Object_$Arg_Err_FreeParseSizeStringTuple_U_object@@
                                                                                                                                                                                                                                          • String ID: O|i:Bind$The Python object is invalid
                                                                                                                                                                                                                                          • API String ID: 2245470160-2584696442
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyDict_New.PYTHON311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E72124D5
                                                                                                                                                                                                                                          • PyDict_New.PYTHON311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E72124EB
                                                                                                                                                                                                                                          • PyDict_New.PYTHON311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E7212501
                                                                                                                                                                                                                                          • ?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z.PYWINTYPES311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E7212578
                                                                                                                                                                                                                                          • PyDict_SetItem.PYTHON311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E7212593
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON311(?,?,?,?,00007FF8E721372B,?,?,?,?,00000000,00007FF8E71FCB3A,?,?,?,00007FF8E71F2323), ref: 00007FF8E72125A4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612089577.00007FF8E71F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E71F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e71f0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_$D@@@DeallocFromItemObject_U_object@@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 493995867-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                                          • API String ID: 1958097105-2209325370
                                                                                                                                                                                                                                          • Opcode ID: a0ad00169d8610e4f6a8572f508db620e7534931c9619d3e0bdf9395d606371b
                                                                                                                                                                                                                                          • Instruction ID: 819b58c03d2982941c212ec854155536d97e1fb113c48f70219150e64eee9266
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0ad00169d8610e4f6a8572f508db620e7534931c9619d3e0bdf9395d606371b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED816E72A0968181EB51AE65D4843BD6690FF44FDCF188136DEAD07B88DF3DD44ACB42
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          • Opcode ID: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                                                          • Instruction ID: 8f610f98ef37a2198060c2320c6084b5a1c5bc520d33cca0f3cdcd1163bc471f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7631B73661869289EB20EF21E8556F963A0FF88B84F600135EE4DC7B59DF3CC904C700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                          • Instruction ID: a0d7e91866ed9d6fd9211b19bfccba33caf4941b8c7ea7bc104afcea33d304fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F541B332E1879283EB109B20955077967A0FB94BA4F208735EE9C43AD2DF7CB9E08710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                          • Instruction ID: 16acc08edb9e373ed77e8f31950a477603045119a783998e648d4ee3bdc029e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31110C25F0C16242F654A769E544ABD5396EF88F80F648031DF4A47B9DCD3DECD18600
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction ID: 66b92e3e7e41c72f1fa28cf001f490202278491a99e8fcfed8da1695ce5ac54f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B316D24E4917791FA54BB24D422BB92B959F45F84F784435DD4EC72D3DE2DBC05C210
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-2512360314
                                                                                                                                                                                                                                          • Opcode ID: 26070a851bc5fec5e0ac0af166cc9bccace918524719dc3056e362111579dbb8
                                                                                                                                                                                                                                          • Instruction ID: aee0b6abbdc5982af4f7829e2b1f7cba5be0512c38807e68778ee9d5d95ae9dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26070a851bc5fec5e0ac0af166cc9bccace918524719dc3056e362111579dbb8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE919C32A0868386EB659FA5D4547BD23A1FB40BCCF440136DA6D47698DF3DE849C702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                          • Instruction ID: ff9aa124da6ea3585927928471bedbf6d1259e906e8efecb892a1a29d6891c4e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7751E321B09662C6EA29DA759408E7E6A91AF44FE4F344B35EE6D877C5CF3CEC018600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction ID: 1a50a2934c85bba99ff43632cfa548ad0cef9fab2e81afb9c23dce78337a875b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5112361B18AA181DA108B26B8044696761FB45FF0F744732EE7E8B7E8CF3CD8118700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9CE
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058D2D92,?,?,?,00007FF6058D2DCF,?,?,00000000,00007FF6058D3295,?,?,?,00007FF6058D31C7), ref: 00007FF6058CA9D8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                          • Instruction ID: 55d28f5b58712d62d18cd054e36e8c015ff12c7c788ef72553d5f5e33de2a7c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6E08610F0861643FF085BB2585693C1A916F88F42F254935CC1DC62A1DF3C6C858710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00007FF6058CAA45,?,?,00000000,00007FF6058CAAFA), ref: 00007FF6058CAC36
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6058CAA45,?,?,00000000,00007FF6058CAAFA), ref: 00007FF6058CAC40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                          • Instruction ID: a1588a20dde94b78a8bc2f83d14c71e0a101c01441fd2cb891a2202aa329d1a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E321D511F1C66642FE9857619494A7D1A929F84FA0F284B39DE2EC77C1DF7CEC458700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                          • Instruction ID: f0ae24a5e0d2fceec5fe69bac93782a0f279d7f2cec546ff2d8fe4d45199d1ee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09411132A1861187EA34CB19A441A797BA0EB46F91F600B31DE9EC3791CF3DEC42CB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,?,?,-00000031,00007FF8E7496912), ref: 00007FF8E74962EC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: M_grow_clean
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 964628749-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000002.00000002.2611131779.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611179175.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058F1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611241715.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6058B9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6058B45E4,00000000,00007FF6058B1985), ref: 00007FF6058B9439
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00007FF6058B6466,?,00007FF6058B336E), ref: 00007FF6058B9092
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000002.00000002.2611131779.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611179175.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058F1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611241715.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2592636585-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF6058C0D00,?,?,?,00007FF6058C236A,?,?,?,?,?,00007FF6058C3B59), ref: 00007FF6058CD6AA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2611152517.00007FF6058B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6058B0000, based on PE: true
• Associated: 00000002.00000002.2611131779.00007FF6058B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611179175.00007FF6058DB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611202573.00007FF6058F1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2611241715.00007FF6058F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff6058b0000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FF8E74774A9), ref: 00007FF8E747CD2D
                                                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FF8E74774A9), ref: 00007FF8E747CD7C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$3DES(168)$AEAD$AES(128)$AES(256)$AESCCM(128)$AESCCM(256)$AESCCM8(128)$AESCCM8(256)$AESGCM(128)$AESGCM(256)$ARIAGCM(128)$ARIAGCM(256)$CHACHA20/POLY1305(256)$Camellia(128)$Camellia(256)$DES(56)$DHEPSK$ECDH$ECDHEPSK$GOST$GOST2012$GOST89$GOST89(256)$GOST94$IDEA(128)$MD5$None$PSK$RC2(128)$RC4(128)$RSA$RSAPSK$SEED(128)$SHA1$SHA256$SHA384$SRP$any$unknown
                                                                                                                                                                                                                                          • API String ID: 2513334388-3318204952
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_new$R_flagsR_key_lengthX_freeX_reset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c$x
                                                                                                                                                                                                                                          • API String ID: 3297287953-3671953471
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$R_put_error$D_lock_freeD_read_lockD_unlockL_cleanse$D_lock_newL_sk_pop_freeO_clear_freeO_free_ex_dataO_new_ex_dataO_zallocX509_free_time64memcpymemset
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\ssl_sess.c$T
                                                                                                                                                                                                                                          • API String ID: 1939687532-2024727245
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_free$H_freeH_get0_keyO_freeX_freeX_newY_assignY_get0_Y_get1_tls_encodedpointY_newY_security_bits
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$g
                                                                                                                                                                                                                                          • API String ID: 2527737224-1154185083
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbyname
                                                                                                                                                                                                                                          • String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
                                                                                                                                                                                                                                          • API String ID: 3257371973-344903700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$R_put_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_newX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server
                                                                                                                                                                                                                                          • API String ID: 4052934069-2466788060
                                                                                                                                                                                                                                          • Opcode ID: c904cf498055ba33165453f734aa1bd1619fbfbcd7110f0c9755cec46be96b72
                                                                                                                                                                                                                                          • Instruction ID: f2447d7d7eaa25e5b1eedfb6052c2130170d1227f72e33cde818396444dafbe7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c904cf498055ba33165453f734aa1bd1619fbfbcd7110f0c9755cec46be96b72
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5616C21B08A5385EA44EBE2D5407BE6791EF85BC8F444035DE7D4779ADF3CE8098B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_dupN_free$O_freeO_strdup$R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 2900198586-1778748169
                                                                                                                                                                                                                                          • Opcode ID: 0a093856717eabed2c8fa6a576fa72df1c9d1cee3225193a21fbcf957c6d1b17
                                                                                                                                                                                                                                          • Instruction ID: d040e65a14b3d1308ef253c855fcbe8ce8849fd38d22147fb099fc0b58da16b6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a093856717eabed2c8fa6a576fa72df1c9d1cee3225193a21fbcf957c6d1b17
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A15F22E0AB8281EA44DFA5D4907BC23A4FF88B88F484135EF6C47355DF2CF9998751
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_ctrlO_newO_s_fileR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 775051240-2723262194
                                                                                                                                                                                                                                          • Opcode ID: 437ea0913b718e33f34ee7e245967dbac10ba1fac4af9c762db259081f50a28d
                                                                                                                                                                                                                                          • Instruction ID: 21610b372300c8127478a747c1ecbaed0dc4161913437ddfe6e1a9879984841d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 437ea0913b718e33f34ee7e245967dbac10ba1fac4af9c762db259081f50a28d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72C10462B1869A89FB219BE5D4403BC27A5BF457CCF00413AFE6E57A85DF3CE6098701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9740
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_new.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9773
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A97ED
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A97F5
                                                                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A97FD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451951: ERR_put_error.LIBCRYPTO-1_1 ref: 00007FF8E746945A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451951: ASN1_item_free.LIBCRYPTO-1_1 ref: 00007FF8E7469469
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9928
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9930
                                                                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9938
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_iv_length.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A998A
                                                                                                                                                                                                                                          • EVP_CIPHER_iv_length.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A99A3
                                                                                                                                                                                                                                          • RAND_bytes.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A99B1
                                                                                                                                                                                                                                          • EVP_sha256.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A99E9
                                                                                                                                                                                                                                          • EVP_EncryptUpdate.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9ABC
                                                                                                                                                                                                                                          • EVP_EncryptFinal.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9B00
                                                                                                                                                                                                                                          • HMAC_Update.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9B76
                                                                                                                                                                                                                                          • HMAC_Final.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8E74AD207), ref: 00007FF8E74A9B9F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free$EncryptFinalO_freeUpdate$D_bytesN1_item_freeO_mallocP_sha256R_iv_lengthR_put_errorX_iv_lengthX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 4021942034-348624464
                                                                                                                                                                                                                                          • Opcode ID: 1d9819f8a96da3d863daccc951af31b314477aee542d48a711ec3517933418a7
                                                                                                                                                                                                                                          • Instruction ID: 4c2aeaf7e3b7450ae4cc3743ace21bdfeb5388f162a6f262578c349ee64db049
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d9819f8a96da3d863daccc951af31b314477aee542d48a711ec3517933418a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BE17E61B0C68285FB209BA6D4517BD23A1BF85BCCF044431EE6D5BB99EF3CE5098706
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
Similarity
• API ID: X_freeY_free$DigestSign$InitO_memcmpP_sha256X_newY_new_raw_private_key
• String ID: $..\s\ssl\statem\extensions_srvr.c
• API String ID: 1001666065-1533168471
• Opcode ID: 9fd4ed3f4d1a4eaf59f5e83250eb1ba3b06cc763c03843256bf4def053115310
• Instruction ID: 46ac297c9a2747c5556fddfb9c82007ed6783aff45db01ebf2268fda408e4c61
• Opcode Fuzzy Hash: 9fd4ed3f4d1a4eaf59f5e83250eb1ba3b06cc763c03843256bf4def053115310
• Instruction Fuzzy Hash: A312E662B0C68345FB209BA5D4443BE2BA1EB857CCF454031EA6E966D5DF3CEA4DCB01
Similarity
• API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
• String ID: ..\s\ssl\statem\statem_srvr.c
• API String ID: 1068509327-348624464
• Opcode ID: cffed164cf5a7e25a2e0dd7264a229707529278bcad714ee8c96ce2197dad380
• Instruction ID: a0ab6fe775a86d901a89e8cdde533970d6d6c036611b14c1da64d7a6e0187bf7
• Opcode Fuzzy Hash: cffed164cf5a7e25a2e0dd7264a229707529278bcad714ee8c96ce2197dad380
• Instruction Fuzzy Hash: 2502E3B2A0C68186EB608B55E4447BE77A1FB85BCCF044135DB9D47A89EF3CE949CB01
Similarity
• API ID: R_put_error
• String ID: ..\s\ssl\ssl_lib.c
• API String ID: 1767461275-1080266419
• Opcode ID: 1bad1a84b9d46e2993ae4860faad0636953d176d01ae829ce9841491479cbfea
• Instruction ID: 159d40654536babb131c23130deb7ec1e8ee2acc69ec8138b57194d00bed8f05
• Opcode Fuzzy Hash: 1bad1a84b9d46e2993ae4860faad0636953d176d01ae829ce9841491479cbfea
• Instruction Fuzzy Hash: 01E11976609B8196EB88CF65D9403ED73A4FB48B88F084136DF6C4B355DF38A465C711
Similarity
• API ID: O_freeX_freeX_new
• String ID: ..\s\ssl\statem\statem_lib.c
• API String ID: 419883019-2839845709
• Opcode ID: 66dfd8d04c9b22b771f864fb5b1106cf1e7930d655a9ae484e1ff14a4b7362ab
• Instruction ID: ecf968ef239dd016c64d2f3dc792346f915b46a057c7b4136a99d58fc260baba
• Opcode Fuzzy Hash: 66dfd8d04c9b22b771f864fb5b1106cf1e7930d655a9ae484e1ff14a4b7362ab
• Instruction Fuzzy Hash: E391A47170C68281FB609B92E4407BE6791EB85BCCF040031EE6D47B99EF7CD9499B06
Similarity
• API ID: O_free$L_cleanse$D_lock_freeL_sk_pop_freeO_clear_freeO_free_ex_dataX509_free
• String ID: ..\s\ssl\ssl_sess.c
• API String ID: 4155952050-2868363209
• Opcode ID: 75cbe33fd446e8462f35a6c7aeffa0091ac159fc94e2a5721b15cfc81a3b58a8
• Instruction ID: 5afdb01fa82d3e17fd407f9b478a58f64b75f70a6a8b453c1f5f3572e23e379c
• Opcode Fuzzy Hash: 75cbe33fd446e8462f35a6c7aeffa0091ac159fc94e2a5721b15cfc81a3b58a8
• Instruction Fuzzy Hash: FC312E60B09A4795FB00BBA6C8557FC2321EF84BDCF440071EE2D4B296DE6CE9499762
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_mallocR_put_errorX509_chain_up_refX509_up_ref
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 101854310-2868363209
                                                                                                                                                                                                                                          • Opcode ID: cf47b19093d41879461a8cd018fc39013d435c13e9775e3da506aa56ed7419ea
                                                                                                                                                                                                                                          • Instruction ID: 112ae2c19f06bb973cd40433854d7a396749fc25cba156894fcad021c4fd56f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf47b19093d41879461a8cd018fc39013d435c13e9775e3da506aa56ed7419ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23A16B22A0AB8682FB559FA4D5403FC73A0FF54788F085235EFAC16656DF3CA598D312
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_findL_sk_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3834244297-0
                                                                                                                                                                                                                                          • Opcode ID: 73b4754adc439b0f81b3bb7115cc4321ffa7313c8073db85d9099a89ef926cd7
                                                                                                                                                                                                                                          • Instruction ID: 219497cb971745bac68afe94281f9516931431af038b5d729dc4ec1036809895
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73b4754adc439b0f81b3bb7115cc4321ffa7313c8073db85d9099a89ef926cd7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36B1D431B0864246FB649AD5D0813BEA691BF85BCCF544434DEBE87785DE3CE84D9B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_iv_length
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
                                                                                                                                                                                                                                          • API String ID: 507009519-1371881060
                                                                                                                                                                                                                                          • Opcode ID: 26fccaed6d51cdb629ab12f31784f5dd8c2b72fd534784e843262e244c1ed47a
                                                                                                                                                                                                                                          • Instruction ID: 99fefd783b9de021fbcdaf42a2ee5d88a927cf3acc82b2bdd963e407141fe8ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26fccaed6d51cdb629ab12f31784f5dd8c2b72fd534784e843262e244c1ed47a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E1B162B08A829AEB208BE5D4103BD27A1FB54BCCF048275DE6D57A89DF3CE559C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_sizeX_md
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                          • API String ID: 3984586431-2721125279
                                                                                                                                                                                                                                          • Opcode ID: 78f2dc9e03a7160005ad46e5e1505074d600fdd00c44ebaf61c7155a9a10a42a
                                                                                                                                                                                                                                          • Instruction ID: b1d3daeaf57f5a432c4acc98b4c4c1f597baa9a62608541a21a0d988244f3840
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78f2dc9e03a7160005ad46e5e1505074d600fdd00c44ebaf61c7155a9a10a42a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CC1B472A09A8286EB609FA1D8007AD3795FB44BCCF480131DE6D4B795EF3DE949C712
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FF8E749C287), ref: 00007FF8E749B6CF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_get0_pubkey
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$0
                                                                                                                                                                                                                                          • API String ID: 2698272274-513810425
                                                                                                                                                                                                                                          • Opcode ID: 4d0312b11becdb61a71df342e0971a1c3f7444fd3fe22ef6f4b42720aa2883fc
                                                                                                                                                                                                                                          • Instruction ID: 4f56a44c41b89c24471676c7edcde1575a874d745e4f533e15db2f2f7262d66e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d0312b11becdb61a71df342e0971a1c3f7444fd3fe22ef6f4b42720aa2883fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4718E32A0964286E720DB96E4107AE7794EF84BCCF040175EE9D57B85DF3CE649CB01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mem_ctrl$O_freeR_put_error$L_sk_findL_sk_pushO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                          • API String ID: 951782134-1847046956
                                                                                                                                                                                                                                          • Opcode ID: f17db73ed7a77f999254a1f8d8cc8e314b33ce571fc6193b6610e860e177fd8b
                                                                                                                                                                                                                                          • Instruction ID: eacdb93cb58877e0ffb40456648dae6def973e0c7aa93f8398dd9f2bcaca5611
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f17db73ed7a77f999254a1f8d8cc8e314b33ce571fc6193b6610e860e177fd8b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2414A70B0861342FB14AB91E4013BD5261AF81BCCF444475EA7D0B7D6EF3DE9198B42
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_cleanse$O_free$D_lock_newO_mallocO_strdupO_strndupX509_chain_up_refX509_up_ref_time64memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 2801444773-927607112
                                                                                                                                                                                                                                          • Opcode ID: d95fbde0809925885b9d134bdb4d5fa59e5bdf5784f243678f51d345838c8c34
                                                                                                                                                                                                                                          • Instruction ID: 9f101a9fd501c0fc85db3d1293389b720bf530285fc5b2d74702979a3e6c2a4c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d95fbde0809925885b9d134bdb4d5fa59e5bdf5784f243678f51d345838c8c34
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1212C2B2A086C686E760CBA5E4047BE67A1FB847CCF044135DEAD57A84DF7CE549CB01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                          • Opcode ID: 60cc7465e656b1b0ad6faf24ee8e72f03e6eeb3f218f3f0c38f93e14b5d55591
                                                                                                                                                                                                                                          • Instruction ID: b411b00a50af8273c52fb7048ba56b49225a1a1301584ef0e476493895932db9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60cc7465e656b1b0ad6faf24ee8e72f03e6eeb3f218f3f0c38f93e14b5d55591
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB218192E185C380EB40EBB0D8903FC1360FBD4B8CF895231EE6D4A156EF6CA8C58791
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$Y_free$L_cleanseO_free$N_bn2binN_num_bits
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 407376196-1507966698
                                                                                                                                                                                                                                          • Opcode ID: f6137a10ad43c07d6d0fb5c4a6429ce84742707a8511f9baba28107d12fd5666
                                                                                                                                                                                                                                          • Instruction ID: 3dd7c770154454004a2fa837c03898350afaaef7fc15ce3de3c3c5efd00ce018
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6137a10ad43c07d6d0fb5c4a6429ce84742707a8511f9baba28107d12fd5666
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45B18F72B0878385FB609BA2E444BBD2791EB84BC8F084135DE6D5BB95DF3CE5498702
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_clear_free$N_num_bitsO_clear_freeO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 2929032726-1778748169
                                                                                                                                                                                                                                          • Opcode ID: cccec63ee3ff7d120219304d45e95ecc09dd2169564012ec1754436219c16c91
                                                                                                                                                                                                                                          • Instruction ID: 20a9c928c60cf15976113823e9199363462ae4b507801f890ea6708a27cfb64f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cccec63ee3ff7d120219304d45e95ecc09dd2169564012ec1754436219c16c91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0518161B0868241EA14AB92E5403FD6791FF85BC8F444535DF6D07B86DF3CF9198B41
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_put_error$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$R
                                                                                                                                                                                                                                          • API String ID: 1091011155-469809446
                                                                                                                                                                                                                                          • Opcode ID: d40fc1e8920b1c7cce11feef57c892b5a1bc5a66315881aa6d5ea8f4a862d543
                                                                                                                                                                                                                                          • Instruction ID: 6a25a14adba78ba0e022f7e8ba36d3db42d167caf37c41a61a45e306f486ef50
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d40fc1e8920b1c7cce11feef57c892b5a1bc5a66315881aa6d5ea8f4a862d543
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13314A72A0874296E710DFA1E4007ED67A5FB487C8F844471EAAD07B55EF3DEA08CB06
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freememcpy$O_zalloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 150470908-348624464
                                                                                                                                                                                                                                          • Opcode ID: 9292a20789efc2b82fdfe7f2ab9c1d42024f0daa3868a5203c0c81826624932c
                                                                                                                                                                                                                                          • Instruction ID: 9ff970012e9eee13da077c8fbf5ae06461a705976051cc049659cf93e31f22a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9292a20789efc2b82fdfe7f2ab9c1d42024f0daa3868a5203c0c81826624932c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 460207B2A08A8182E7248F61E44477E77A1FB45BC8F548235DBAD07B95DF3CE998C701
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 0-745226041
                                                                                                                                                                                                                                          • Opcode ID: 44454f43b1f3ea980afaff690e4f5c18cc7466aab1d694323b0d4b6940da0df4
                                                                                                                                                                                                                                          • Instruction ID: ba22dd9c29745a6ce75a3133b55b761c705a11a44051bf2f15170be99a6756d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44454f43b1f3ea980afaff690e4f5c18cc7466aab1d694323b0d4b6940da0df4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4816071B0874386FA64AB92E8157FE2252AF85BC8F404035DE6D5B785EF2CE9098702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_derive$O_clear_freeO_mallocX_freeX_newY_derive_initY_derive_set_peer
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2104848214-4238427508
                                                                                                                                                                                                                                          • Opcode ID: a142076e1c011c0ced9f30ce8ecdaae3b76818ad9e462d3b3ed87e63c3efbba8
                                                                                                                                                                                                                                          • Instruction ID: 391ff385b2d631d22b8e28d853a7cfbcc39ed12b595481886500a4b1c1545f8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a142076e1c011c0ced9f30ce8ecdaae3b76818ad9e462d3b3ed87e63c3efbba8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C51AF32B0C65246FB24AB96E5007BE6795BB84BD8F044035EE6C47B99EF3CE549C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 3616133153-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 897a1bfd44cb2d92c76cfc1a2ce013ef7e98aa4e14ad66547f72b8516de6bc27
                                                                                                                                                                                                                                          • Instruction ID: 9f87d4a460d93bfa32b1b61a6346ce8a49a8c1e1e53883f60d1319a81cd9d948
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 897a1bfd44cb2d92c76cfc1a2ce013ef7e98aa4e14ad66547f72b8516de6bc27
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE512A72A08A8282D750EF61D8403AD73A5FB84B9CF484135DF6D4B699DF3CD589CB22
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_deleteH_retrieveO_clear_flagsO_freeO_set_flagsO_snprintfR_add_error_datamemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c$SSL alert number
                                                                                                                                                                                                                                          • API String ID: 928870745-720991377
                                                                                                                                                                                                                                          • Opcode ID: ae4d8c0db4110a93d8769137fd6d24e2f493b1d9191341ba4f666f110201204f
                                                                                                                                                                                                                                          • Instruction ID: 4ce8c11504e72074bef51bf66d6b6bbafa65d9ee582a3f94b964cb6d17cc6cf3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae4d8c0db4110a93d8769137fd6d24e2f493b1d9191341ba4f666f110201204f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50128F32B086C285EB60CFA5D4107BE2AE1EB45BCCF094136DE6D4B685DF7DE8488752
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_memcmpO_strndupmemchr
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\_w\1\s\ssl\packet_local.h$k
                                                                                                                                                                                                                                          • API String ID: 2294304191-272834978
                                                                                                                                                                                                                                          • Opcode ID: 881e004b9fb2e61ea65754af8b344f45550b47115b5aed3ce0054defb5806c5d
                                                                                                                                                                                                                                          • Instruction ID: a6e9f65430334f85ec9ab5afa12d6f60c9a474753b8b38d7dcb1406e937ca2ee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 881e004b9fb2e61ea65754af8b344f45550b47115b5aed3ce0054defb5806c5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A61E662B0868786EB608BA9E4007BE7790FB457C8F444135EA9C57B89DF3DE58AC701
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 4284552970-1080266419
                                                                                                                                                                                                                                          • Opcode ID: ec640b1fce37e7dba03ce6df3e7114ba8fe20af4cbb6bf2a58bccffba1cbd43a
                                                                                                                                                                                                                                          • Instruction ID: ef90012adc19c3e2fba7161a521733509524bcf234ca85d91514d6ae0adfb7d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec640b1fce37e7dba03ce6df3e7114ba8fe20af4cbb6bf2a58bccffba1cbd43a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD310421B0879182E7109BA9E8403BD73A0EB407C8F480175DFAD07796CF7DE95AD702
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c$=
                                                                                                                                                                                                                                          • API String ID: 3341103989-3341019427
                                                                                                                                                                                                                                          • Opcode ID: 1028fe5d8249108ccc8381c468ab2ed54f5b8a0a9637bdff95d71ad9575220db
                                                                                                                                                                                                                                          • Instruction ID: d680f3059cefb58d08bd405e2b11ce5a108cbd5fa49df7b05f1c1fc155d286b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1028fe5d8249108ccc8381c468ab2ed54f5b8a0a9637bdff95d71ad9575220db
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1311E36260818381D701AF69E8603EC6B619B8ABD8F4C8271DBA803296DE2CD959CB01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_zalloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$gfffffff$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_bytesD_sizeO_freeO_memdup_time64
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$resumption
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$O_memcmpX_freeX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$l
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$X_free$memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_cleanse$O_freeO_memcmpO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2249876211-592572767
                                                                                                                                                                                                                                          • Opcode ID: aee2347abda0ceac1a69d1e986f2e2df4b97b3a0e04b0a18797c7a41e01f443c
                                                                                                                                                                                                                                          • Instruction ID: 0b814a23068299c0d75b60b3944c2ad0e1b57b858b31f57f25369332319fcf2a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aee2347abda0ceac1a69d1e986f2e2df4b97b3a0e04b0a18797c7a41e01f443c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19D18072A08A8686FB609B91E4443BE67A5FB847CCF040135EE6D47B89DF7CE549CB01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2513334388-1643863364
                                                                                                                                                                                                                                          • Opcode ID: b709a59a0914b1682b79933491005276ab69a643cb5bc1b4e0022fd6b25533bd
                                                                                                                                                                                                                                          • Instruction ID: c36aa581bede99e2b7a6fe72b3b11bed2086a7f6c9c21b43e0ce215f19fcd31f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b709a59a0914b1682b79933491005276ab69a643cb5bc1b4e0022fd6b25533bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C331CE31B08682C5EB64DBA5E4007AEA756EB44BC8F448035DFAD03785EF3CE989C742
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_bin2bnN_is_zeroN_ucmpO_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 3996552382-348624464
                                                                                                                                                                                                                                          • Opcode ID: b7b610606eb2ca173e0d03332e4c1c1cb82d9fcd6ae8eff693f8636d6138208a
                                                                                                                                                                                                                                          • Instruction ID: 4d92237fdc0952446eff94872792475408df97e4419adc4e0c602595fb96206e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7b610606eb2ca173e0d03332e4c1c1cb82d9fcd6ae8eff693f8636d6138208a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C331E232708A8681EB608FA1E4547BD63A1EB84BCCF444131DF5D4BBA5DF3CE9958B01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 1108683871-1643863364
                                                                                                                                                                                                                                          • Opcode ID: 79b9e896cb3b3602ac5cfbb463c15153cfc43066e0358ebb137db392e88c09f7
                                                                                                                                                                                                                                          • Instruction ID: 74f918fa49847ec44d72955afdbdaf0e53febe53499710f97c02d33cce6206db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79b9e896cb3b3602ac5cfbb463c15153cfc43066e0358ebb137db392e88c09f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C31AD32A1C69696EB10DB91E8007EE6359FB447C8F404035EB6D43B85EF7DE9098B82
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeX509_i2d_$memcmp
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 1487052844-349359282
                                                                                                                                                                                                                                          • Opcode ID: 73888ac4f581495a3a1d14fe49ef0b313d8125911fd6a81a66f89f135529aa31
                                                                                                                                                                                                                                          • Instruction ID: 3b3cf436e3da45f7634a3fe205609d834550e05d6a2c86284c68fc1c1029da05
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73888ac4f581495a3a1d14fe49ef0b313d8125911fd6a81a66f89f135529aa31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1301C422B0964381EA1097EAE8403AD5372AB85BC8F244031EF7D477CADF3DE8489702
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 4042585043-592572767
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_bytesO_freeO_malloc
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 693915670-1632442243
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2609694610-592572767
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3545228654-927607112
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_reallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 92311482-2868363209
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 1247630535-349359282
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$L_sk_pop_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                          • API String ID: 1650471521-1527728938
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2160744234-1643863364
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3962629258-119891211
                                                                                                                                                                                                                                          • Opcode ID: ae7be502b32a3e3e1a3a08a681946952ff1fe202740dae808e2cbd5220b2e69d
                                                                                                                                                                                                                                          • Instruction ID: 490a418712f4e584a2e36e705fdee261e77bc76d4a1445287634fc6bee1f9cba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae7be502b32a3e3e1a3a08a681946952ff1fe202740dae808e2cbd5220b2e69d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8419D72A19B8185EB518B65E8003BDB3A0FB987C8F045235EBED47B59EF3CE5948701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_realloc.LIBCRYPTO-1_1(?,?,?,00007FF8E748FB5A,?,?,?,00007FF8E748F62E), ref: 00007FF8E748F955
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_realloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                                                                          • API String ID: 3931833713-171970420
                                                                                                                                                                                                                                          • Opcode ID: 69878b9c1f5459b2deac94036385844900aa92d462939be4734a21e350006583
                                                                                                                                                                                                                                          • Instruction ID: 2d469dbc6d89c50f890ce84a79cef15dacd830fb7a609239d3f7df28e77b64cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69878b9c1f5459b2deac94036385844900aa92d462939be4734a21e350006583
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11417E72A08B8685FB648B89E48032DA7A0EF58BC8F144132EE9D53765DF3DD496C702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: M_growO_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                          • API String ID: 1461889847-1434567093
                                                                                                                                                                                                                                          • Opcode ID: 4aee798ef5c2d89e9bb50e800289214e4866e7e0b7465f8489c3b185f127838b
                                                                                                                                                                                                                                          • Instruction ID: b2b17dc164dc236ea2dc8f856d66cd15f9fd6ecd983f0d407043a7befd08b48d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4aee798ef5c2d89e9bb50e800289214e4866e7e0b7465f8489c3b185f127838b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57418932609A8981EB14CF69E14036C63A4EB48BECF554636DB6D437A8DF3CE899C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1826982404-1507966698
                                                                                                                                                                                                                                          • Opcode ID: f34ad54c7c88a61a2841cdf7df82e34540ebc13017f979cd14f449b5a034cc8c
                                                                                                                                                                                                                                          • Instruction ID: 935c81c823c0491a59f1d7d7365a1f0cc51180caa1f716c9e51a357bc0961cd8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f34ad54c7c88a61a2841cdf7df82e34540ebc13017f979cd14f449b5a034cc8c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18318E7170868286E760DF92E5007BD6B91FB88BC8F440534EEAC17B45DF7CE20A8B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$X_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 306345296-1507966698
                                                                                                                                                                                                                                          • Opcode ID: 2f786cba4f9eef649c5a60ca6bb6b0e9634949939262eb9925a453df11e45fd5
                                                                                                                                                                                                                                          • Instruction ID: bf413ce1c1f26f9fc30473d9635d2d9269014fd0614aa67e24ec7ff1cf8a2448
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f786cba4f9eef649c5a60ca6bb6b0e9634949939262eb9925a453df11e45fd5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B731037270869282E760CBA2E5007AEA7A1FB85BC8F040135EF9C47F85CF3DD4558B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                          • API String ID: 2513334388-1306860146
                                                                                                                                                                                                                                          • Opcode ID: de45bfcb9a0f062ec63369525f24e297e77a1710bedd5407257f09a22cbbae8b
                                                                                                                                                                                                                                          • Instruction ID: 24006f1d7ac8a18d5ee5247c3e66c6766d417407d6ce4dfa2f52c2b54872c439
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de45bfcb9a0f062ec63369525f24e297e77a1710bedd5407257f09a22cbbae8b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19217C62A0868295EB40EBA5E4403AD73A5FF44BCCF550535EB6C47786EF3DE898C701
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-2670486660
                                                                                                                                                                                                                                          • Opcode ID: e68cddfb2dd89a4d967674883c60c167138d0a9aedd050d4b8fb8c864578d238
                                                                                                                                                                                                                                          • Instruction ID: 472705c870d82f22fd928de7fe59b46ee3a40f2bf94d38347e005179ba60b2be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e68cddfb2dd89a4d967674883c60c167138d0a9aedd050d4b8fb8c864578d238
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 561126B1A2D28345FB294AD4D15037C66A1EB00BCCF540038DA7E46ACADF3ED6498703
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1834057931-592572767
                                                                                                                                                                                                                                          • Opcode ID: 864a83f5916029a1af29b859677889682fc3ea6a5c5468ee1fbb24b38249cb9a
                                                                                                                                                                                                                                          • Instruction ID: 6e9099a3db875ae50905d78a5d16b3adb852025e8920157471b758166ecaa00a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 864a83f5916029a1af29b859677889682fc3ea6a5c5468ee1fbb24b38249cb9a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5417122B08A4981FB648BA5E4447BD63A0FB44FC8F084475EA6C477A4CF7CE959C742
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2609694610-592572767
                                                                                                                                                                                                                                          • Opcode ID: 5b7c3ad369a59a3efb379db7aa76d8f8b8e179c06d912e48ca8af0211d1b34a9
                                                                                                                                                                                                                                          • Instruction ID: 38075a1b43e17c5bc5aa588dc6f053f45d3de42cea435e01716cf2db5478b6f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b7c3ad369a59a3efb379db7aa76d8f8b8e179c06d912e48ca8af0211d1b34a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF41A231A0DB9681F7609B52E4003AEA791EB84BC8F184034EAAC47B99DF3CE5598B01
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                                          • API String ID: 2609694610-837614940
                                                                                                                                                                                                                                          • Opcode ID: cd5dc9fe06dede5ed2fcb0ed186ad159af6ada55c6d3cda0cf49d55e1f7c063f
                                                                                                                                                                                                                                          • Instruction ID: fcdcc24f519659d0b709320fd822c3b75fc3933fea22d5146fa3eb273164649e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd5dc9fe06dede5ed2fcb0ed186ad159af6ada55c6d3cda0cf49d55e1f7c063f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9319272A0979282E7609FA1E8403AD62A5FB45BD8F184534EEAC0BB89DF3CE555C701
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1507966698
                                                                                                                                                                                                                                          • Opcode ID: 2000c5731a1213d8ee572ac9880806fa20ff17ee7525aff5a25f8088377f598c
                                                                                                                                                                                                                                          • Instruction ID: f45873998efefbfcf7fb7735655f600310d350ff1d619afdcec2e37ec08fd917
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2000c5731a1213d8ee572ac9880806fa20ff17ee7525aff5a25f8088377f598c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3131BEB2A2C6C141E7509B91F4403AEB7A1EB857D8F045134EBDD66B99DF7CD1888B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1507966698
                                                                                                                                                                                                                                          • Opcode ID: 6b43384662a398f58ce2a1e53dd2975cbbce3ed833b6ede4c270e4ad236f80f3
                                                                                                                                                                                                                                          • Instruction ID: ae081efb19b4ce700358555cb9f7cd53d72bb4e4f510d73106f918c9ec665938
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b43384662a398f58ce2a1e53dd2975cbbce3ed833b6ede4c270e4ad236f80f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0331C172A2C7C145D7208B55E4003AEB7A5FB857C8F044134EAD957B4ADF7CD5848B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E749AA5C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FF8E7468809
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: memset.VCRUNTIME140 ref: 00007FF8E7468837
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: memcpy.VCRUNTIME140 ref: 00007FF8E7468873
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E7468896
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E74688FD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E7468978
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$O_mallocmemcpymemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$@
                                                                                                                                                                                                                                          • API String ID: 2470733610-1207107681
                                                                                                                                                                                                                                          • Opcode ID: e4d4cdde298d1172b8e8340d3a0ab5fe65440cade9bf41582b9e4c77c501c576
                                                                                                                                                                                                                                          • Instruction ID: c954f7a705d62e45aa4999258fffb6d015ec10de0d302d17ce403de3c5b713d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4d4cdde298d1172b8e8340d3a0ab5fe65440cade9bf41582b9e4c77c501c576
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21AF3270878282E750CB92E5447AE67A1FB85BC8F044031EE9C57B96CF3CE149C301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$@
                                                                                                                                                                                                                                          • API String ID: 2011826501-1207107681
                                                                                                                                                                                                                                          • Opcode ID: d21d4c6090d174debb11d9cbc1e24d6117c93b83ddf3e5939d34b6b950c2a2ba
                                                                                                                                                                                                                                          • Instruction ID: 16d14fa376ccd7327cd200913d5549008a9dc7d512c5a1106e7bbe7834fe4c2a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d21d4c6090d174debb11d9cbc1e24d6117c93b83ddf3e5939d34b6b950c2a2ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E216D21708B8289EB508B56D5447BD6765EF85FD8F084031CE5C2BB96DF3DE4498701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$F
                                                                                                                                                                                                                                          • API String ID: 1457121658-4203526889
                                                                                                                                                                                                                                          • Opcode ID: cf5c08b39847fc30ac0c27f98f0fa153bf36606ff7afec33aeb05d1c108f8860
                                                                                                                                                                                                                                          • Instruction ID: fffa3a8b4ce7f6d10c477b124b3cd52304ca1ead676d3c1be96cb4a998b85d68
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf5c08b39847fc30ac0c27f98f0fa153bf36606ff7afec33aeb05d1c108f8860
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94118132B08A9181EB509B15E9003AD63A5FB88BC8F484135EF9C97B89DF3DD995CB05
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3962629258-1466776524
                                                                                                                                                                                                                                          • Opcode ID: d80ebcd9daf1e682374a543aba2926fd5e3be1c8032baebf917a1fb97771027e
                                                                                                                                                                                                                                          • Instruction ID: 1a95bb40ecad7f6951b90d54ef962bbf5412c17dbf206741267e45f664f198cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d80ebcd9daf1e682374a543aba2926fd5e3be1c8032baebf917a1fb97771027e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42012C32716B8281EB509F56E8803A963A4EB98BC4F088071EF9C97B55DE3CD9948701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3962629258-1466776524
                                                                                                                                                                                                                                          • Opcode ID: 7eac6bcb858543b8ff6cc2d81774779671f24c96a3e11f7366e6782f4409a7f6
                                                                                                                                                                                                                                          • Instruction ID: 85e7b53ad547aaaccd686b1aea66fc428fd81e147f14ebac16ffd9d4f05b44cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7eac6bcb858543b8ff6cc2d81774779671f24c96a3e11f7366e6782f4409a7f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9012C32716B8281EB509F52F8803A963A4EB98BC4F088031EFDC97B55DE3CD5948701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\pqueue.c
                                                                                                                                                                                                                                          • API String ID: 2513334388-354262084
                                                                                                                                                                                                                                          • Opcode ID: 2cfa7d96ff3854cc7d14b48aaf546ef05ce734e7593b02f435621de358845a39
                                                                                                                                                                                                                                          • Instruction ID: 340a5d58ed08005295c7fc1241fa1562072131115f0d0ad0db842db981432806
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cfa7d96ff3854cc7d14b48aaf546ef05ce734e7593b02f435621de358845a39
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1017872A0964286EB419B55E4403AD73A4EB487C8F554032EB6C03795EF3CEA488B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                          • API String ID: 2718799170-1434567093
                                                                                                                                                                                                                                          • Opcode ID: 582553ef1f202b757665d44370c5561ce62762b9f278f2db843a503c4103b6c2
                                                                                                                                                                                                                                          • Instruction ID: 7c59656fb2829babca99a25e9770a51a03fdebd631806fc3e4d52d6b6e55663c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 582553ef1f202b757665d44370c5561ce62762b9f278f2db843a503c4103b6c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5601A272606B0585EB14DF94E4503AC33A4EB44B8CF614034DB6C873A0EF7DD99AC741
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 2641571835-1466776524
                                                                                                                                                                                                                                          • Opcode ID: 08fdd943f772afc83b4efc24db8a7528b5b4bef3e73e490ea4112b2e8f33607f
                                                                                                                                                                                                                                          • Instruction ID: 1e47285df28504b71bfed9be6458fe630b08674cec432f03023f0415e2763e75
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08fdd943f772afc83b4efc24db8a7528b5b4bef3e73e490ea4112b2e8f33607f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F0A731709A4681EB00AB96E8917EC1360DB48BC8F048031EF1C87755CE3CD8A48701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 2641571835-1466776524
                                                                                                                                                                                                                                          • Opcode ID: b3d9c8b9ff2aaa9ea1d544baa696c545a827f0f392f6b3251268dbcff2687cdc
                                                                                                                                                                                                                                          • Instruction ID: 1e47285df28504b71bfed9be6458fe630b08674cec432f03023f0415e2763e75
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3d9c8b9ff2aaa9ea1d544baa696c545a827f0f392f6b3251268dbcff2687cdc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F0A731709A4681EB00AB96E8917EC1360DB48BC8F048031EF1C87755CE3CD8A48701
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-4238427508
                                                                                                                                                                                                                                          • Opcode ID: 68b832df39b034697c86a4b98fa833fcb3732d31af77036bcd79a6c061917e19
                                                                                                                                                                                                                                          • Instruction ID: f76b23c807020b4d18f2463cca909332d670506e5a04f443e8fa2c4b3625a5b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68b832df39b034697c86a4b98fa833fcb3732d31af77036bcd79a6c061917e19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6F03A71A09B4381EB65DF85E0503BC63A4EB44BCCF840034DD2C0A799EF7CE6489B12
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 1793b981201c603af54368f8fd872e48aa01e6e49695a3594bd5f8cd15e1b172
                                                                                                                                                                                                                                          • Instruction ID: f1ffdf10a150affe250d09c1bdd7535c703cc071510377511e4556005978e31a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1793b981201c603af54368f8fd872e48aa01e6e49695a3594bd5f8cd15e1b172
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7E01A62B14B81C0EB00ABB5D8413AC3761EB44B8CF448171DE6C4B386DFBDD989D762
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                          • Opcode ID: cb58765a2814a53a204209f8b04df04140b28a8e794530c47c3e03cc9a5c4696
                                                                                                                                                                                                                                          • Instruction ID: 5f587f15e2aee9cfcb59568c64055be88690b7d317d6a2ce731a62753c030b8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb58765a2814a53a204209f8b04df04140b28a8e794530c47c3e03cc9a5c4696
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6310232608B81C5E7619F61E4002ADB7A0EB44BCCF444135DBAD57B95DF3DE55ACB01
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1853348325
                                                                                                                                                                                                                                          • Opcode ID: 2e2483a51991c5821eee356769ffd48030e239a2cb7860b3d30d9ae67c9f93f5
                                                                                                                                                                                                                                          • Instruction ID: f9e48ce243f2e309ee81673da488701e88addf7e731ce3b185d10cb09776312b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e2483a51991c5821eee356769ffd48030e239a2cb7860b3d30d9ae67c9f93f5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C31D632A1D68286F7508B54E4407ADB7A4F7857D8F104131FA9D93B85DF3CE5A9C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                          • Opcode ID: c2c51bba8fa6b847da97064460e2f4c2c18bb80e061b419b28bbe3ba3b579cf8
                                                                                                                                                                                                                                          • Instruction ID: 0b88a56dd8ea83f6a1e9ac1f009c162b9589880ea108f9c1a2a01f1aa4676f19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2c51bba8fa6b847da97064460e2f4c2c18bb80e061b419b28bbe3ba3b579cf8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F31C072608A4285E7208F66E8003BDB7A5EB85BCCF184136DAAD57B85DF3DD149C702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                          • Opcode ID: b9dd750b1c5121965e1965d5641eac40fd13e12b89ea7d50d6e186f43b77b6f3
                                                                                                                                                                                                                                          • Instruction ID: d1e84e6dee915a951401ec5ad5f0282124564d5671ee192799056a144d2c5744
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9dd750b1c5121965e1965d5641eac40fd13e12b89ea7d50d6e186f43b77b6f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF31F531708B8285E7509FA6E4107BDB7A0EB45FC8F144136EA5D677C9EE2CD555C301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-592572767
                                                                                                                                                                                                                                          • Opcode ID: 1e028ee2aa4cd9d1b7d3d1f24ce549f6ff14020e223882702196b26808960352
                                                                                                                                                                                                                                          • Instruction ID: c5e90efe6bf4f498eefaf562c007d8bb0c7fab9a2b557bc926537086a565b8d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e028ee2aa4cd9d1b7d3d1f24ce549f6ff14020e223882702196b26808960352
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A21A161B0868582F710DB96E0403BE63E1EB44BC8F140131EE6C8BB99CF7DE8458B41
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 1296259186-592572767
                                                                                                                                                                                                                                          • Opcode ID: 863fcddfb04574841ac524b119a8e927d1484eab687f723189f41ca6a60780a5
                                                                                                                                                                                                                                          • Instruction ID: 77aaac5f0a43da7072378e4cb712f1e1b49e3d34acfc3f4276d41708ba6b62d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 863fcddfb04574841ac524b119a8e927d1484eab687f723189f41ca6a60780a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88218071A1CA5685F7A08B40E4443BEA7A0EB44BCCF584036EA6C4B698CF7CD5C9CB01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                          • Opcode ID: 537b09d5bee1e950009ab1911853711eb2174b6e6df7d00ad8c5fbcc1f3cfb2c
                                                                                                                                                                                                                                          • Instruction ID: 56d08e83e70c6f66152041d010badd57142749a347878ff27e8348457d68ebec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 537b09d5bee1e950009ab1911853711eb2174b6e6df7d00ad8c5fbcc1f3cfb2c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04F01251B1958281FE40AB96E5513BD5391EF88BCCF485031FE2D4B787DE6CD8958701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E7459405
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E745941B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E7459465
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E745947B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E74594C5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E74594DB
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF8E7456512
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-490761327
                                                                                                                                                                                                                                          • Opcode ID: 76230b15c7d088b7c7e283e01d15d43f60ea2be06f10ff17f5ebdfbe586e8352
                                                                                                                                                                                                                                          • Instruction ID: ad51e9cba6fe421514c9a46e04e398cd1c3ee1d41a203b2ae28862fc3e007b47
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76230b15c7d088b7c7e283e01d15d43f60ea2be06f10ff17f5ebdfbe586e8352
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79F01262A486C241EB10BBA5C4553FD2322EF85FCCF484031EE5E4A297CF2C95498353
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                          • Opcode ID: ad7ec8450a52e9ad71fc959e0ebc418e6a4d27da33d7b36f99846db127784720
                                                                                                                                                                                                                                          • Instruction ID: f2552e65869a039e87e483801721f2aa061eb3b551fec942f91521c24b7575cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad7ec8450a52e9ad71fc959e0ebc418e6a4d27da33d7b36f99846db127784720
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14F065B2F066418AF7909BA8D4453982391EB44759F580230EA2C8B3D1EF7E89E6C711
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_get_ex_new_index
                                                                                                                                                                                                                                          • String ID: SSL for verify callback
                                                                                                                                                                                                                                          • API String ID: 3987194240-2900698531
                                                                                                                                                                                                                                          • Opcode ID: 96aa0528776d60da55f52dfd0cf989303f1b8b3c40b710ca406622910118b333
                                                                                                                                                                                                                                          • Instruction ID: a9145f52e31a08427ae72a4cc3cae60c765635d8907f3f7b366cc635cbda52b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96aa0528776d60da55f52dfd0cf989303f1b8b3c40b710ca406622910118b333
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CE01272E09242CBE311AFE4E8417A933A5FB44398F484139E95C87655DF3CA299CE16
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 2011826501-1839494539
                                                                                                                                                                                                                                          • Opcode ID: bef6938a5019f813d98e9fcb333eb97e402c5b549b77040f0b226634fd6414fb
                                                                                                                                                                                                                                          • Instruction ID: 38e0141b5363367d66900c9ab8e8d7f9849004d50e8a0fa04bef6c63362ce974
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bef6938a5019f813d98e9fcb333eb97e402c5b549b77040f0b226634fd6414fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0E576709B8194DB409B95D4853EC2360EB49FD8F584132DE5D8B351CF39D19BC315
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1165805907
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-4238427508
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1724170673-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_run_once
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1403826838-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          • Opcode ID: fabab4d9611520c2a36540144f907f711c1b89702f9e06a460ac8bd2eacb5e83
                                                                                                                                                                                                                                          • Instruction ID: 023d281598063dd8678e8d3fe01e8ed8e818c518bc33375be9861d1770754e45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fabab4d9611520c2a36540144f907f711c1b89702f9e06a460ac8bd2eacb5e83
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D0A715F0240282F758B2BDC9822AC02C09B403C4FD44074F51DC1681CC1DC8DA4602
APIs
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
Similarity
• API ID: D_run_once
• String ID:
• API String ID: 1403826838-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
Similarity
• API ID: R_put_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_add_error_dataR_clear_errorR_endR_readX509_get_subject_name_errno
• String ID: %s/%s$..\s\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
• API String ID: 1034648778-4291904164
APIs
• EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464A42
• EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464A4A
• memset.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464A9E
• EVP_sha1.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464AA7
• EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464AB5
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464ACD
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464AEC
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B10
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B34
• EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B4C
• EVP_md5.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B59
• EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B67
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464B86
• EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464BA1
• EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464BC0
• OPENSSL_cleanse.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464BE3
• EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464C0A
• memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464C21
• EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464C88
• EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8E74653A1), ref: 00007FF8E7464C90
Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
Similarity
• API ID: Digest$Update$Final_ex$Init_exX_freeX_new$L_cleanseP_md5P_sha1memcpymemset
• String ID: "$..\s\ssl\s3_enc.c$A
• API String ID: 754518535-4125341915
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
Similarity
• API ID: X509_$E_freeH_freeM_read_bio_O_freeX509X509_free$E_dupH_retrieveL_sk_new_nullL_sk_pop_freeL_sk_pushO_ctrlO_newO_s_fileR_clear_errorR_put_errorX509_get_subject_name
• String ID: ..\s\ssl\ssl_cert.c
• API String ID: 751231659-349359282
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$Update$Final_exInit_ex$L_cleanseX_freeX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 3290436633-1839494539
                                                                                                                                                                                                                                          • Opcode ID: aa02d94ff94a0c05b61f44a2bbba56d58f3b46ebf44cbaaf33f0ba1e1cc5543e
                                                                                                                                                                                                                                          • Instruction ID: fba11aefeccd8b00878815eb0d98eeaedf57029451e1c259f056ac4de529780b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa02d94ff94a0c05b61f44a2bbba56d58f3b46ebf44cbaaf33f0ba1e1cc5543e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5251D761B1868646EB58AFD6E9003BE6365FF45BC8F405034EE6D4B786DF3CE5098B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$X_free$L_sk_numL_sk_valueR_clear_errorX509_verify_certX_get0_chainX_initX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                          • API String ID: 763122443-2839845709
                                                                                                                                                                                                                                          • Opcode ID: 337eaa622a5352302d934d76528c4299ea07ab3aefcfc58947da079d220350f7
                                                                                                                                                                                                                                          • Instruction ID: 40088b2b3ff557a2159a4284efabcf0e799bf5afd88682e49762e358b5153b60
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 337eaa622a5352302d934d76528c4299ea07ab3aefcfc58947da079d220350f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E851B721B0C65785FAA4AADED4407BE56805F95FCCF484031EF2C87B86EE2CE50B4706
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                                                          • Opcode ID: 43d4c2688b71a7be710e2de74b00bd82a653e830201607c25b0e6f1a050976a3
                                                                                                                                                                                                                                          • Instruction ID: 0c822339c95f4332611e6ba5d963dd5a9cdd11f6068f45e3e0ed9b5132f402b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43d4c2688b71a7be710e2de74b00bd82a653e830201607c25b0e6f1a050976a3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19D1C161A08A4381FA6996A6D4403BE2685BF84BCCF044536DF6E877C5DE3CFE498603
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_get_cipherbyname$R_flags
                                                                                                                                                                                                                                          • String ID: AES-128-CBC-HMAC-SHA1$AES-128-CBC-HMAC-SHA256$AES-256-CBC-HMAC-SHA1$AES-256-CBC-HMAC-SHA256$RC4-HMAC-MD5
                                                                                                                                                                                                                                          • API String ID: 3190984984-741925770
                                                                                                                                                                                                                                          • Opcode ID: 88feaceb8c0a33464c6b94a868f293844dc0ae358d3d3609f1d462ea03017446
                                                                                                                                                                                                                                          • Instruction ID: 5a16bef248559679aa646eddf7d5672408018f2651c6f5446b769b72012abfb4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88feaceb8c0a33464c6b94a868f293844dc0ae358d3d3609f1d462ea03017446
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07816976A0A64285FF659BD4D4403BD32A1EF54BDCF504136CABD42698DF3DE8898B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B0295
                                                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B0306
                                                                                                                                                                                                                                          • ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B031F
                                                                                                                                                                                                                                          • ASN1_item_d2i.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B033E
                                                                                                                                                                                                                                          • ASN1_TYPE_get.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B035B
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B040E
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B0464
                                                                                                                                                                                                                                          • ASN1_item_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8E74B2260), ref: 00007FF8E74B0473
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FF8E7468809
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: memset.VCRUNTIME140 ref: 00007FF8E7468837
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: memcpy.VCRUNTIME140 ref: 00007FF8E7468873
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E7468896
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E74688FD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF8E7468978
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$E_getN1_item_d2iN1_item_freeO_mallocR_clear_errorX509_get0_pubkeyX_ctrlX_freeX_newmemcpymemset
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_srvr.c$Q
                                                                                                                                                                                                                                          • API String ID: 2622237655-4085857157
                                                                                                                                                                                                                                          • Opcode ID: a7058c5221e45e21e345fe8872407b3483e15b18a6b9182352bae32312eede28
                                                                                                                                                                                                                                          • Instruction ID: dfb14bd5f6dac76cae0654671bd4099d787abb8011b9d5bdbf1ef85c812f609c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7058c5221e45e21e345fe8872407b3483e15b18a6b9182352bae32312eede28
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72619D62708A8285EA319B96E4443BD6790EF84BCCF444035DFAD477A5DF3CE9498B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 3703036260-1080266419
                                                                                                                                                                                                                                          • Opcode ID: a86ca228d3d07137635175d9a3b373800620c6c2732c7db0e61f7fbb0d88f912
                                                                                                                                                                                                                                          • Instruction ID: 84dbedd027085f2d4db3f0620c8b62821e2d802f9f88ea02a57fe030aac19a87
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a86ca228d3d07137635175d9a3b373800620c6c2732c7db0e61f7fbb0d88f912
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9317021B0960281EB68EBA9D4413BC63A2EF84BCCF040531EE7D07789DE3CE9488742
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_get_curve_nameY_get0_Y_get0_group$A_sizeD_sizeY_get0
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                          • API String ID: 2334240586-1408384096
                                                                                                                                                                                                                                          • Opcode ID: df5e638131d48f9a7fb2f357ab2e16c6eab6f853a50bf2da4a63f4560b2ccc88
                                                                                                                                                                                                                                          • Instruction ID: a102283b3dfb608a93ac6e20ea77e181692f4c3fd7b54959edca0a282f12861e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df5e638131d48f9a7fb2f357ab2e16c6eab6f853a50bf2da4a63f4560b2ccc88
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BC1BF62B09686C6EA698A66E1403BD7790FB85BD8F144135DF6D473D0DF3CEC9A8302
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$X509_get0_pubkey
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 2083351937-2723262194
                                                                                                                                                                                                                                          • Opcode ID: 26fecbd26e7940e3b537b604e6623d7643711c0e306decb06dad18eaa601465e
                                                                                                                                                                                                                                          • Instruction ID: f45f20e63ac39da88addb87c25e9a01fa4a1bf40c38cde978513e8d3d81c04cd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26fecbd26e7940e3b537b604e6623d7643711c0e306decb06dad18eaa601465e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4413E22A08A8681EF04EBA5E4403BDA760FB94BCCF440131EB6D43759EF7DD5498701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$Y_freeY_newY_set1_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 520254984-4238427508
                                                                                                                                                                                                                                          • Opcode ID: dbee0f5459b30088e2440bdf58c540943d3bdf6b0be01cd78063c53b5b3179c1
                                                                                                                                                                                                                                          • Instruction ID: e3a0ee52af8cb85f2bd654f91ecc9da8e4c1e24693292ebe53004a92249744fc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbee0f5459b30088e2440bdf58c540943d3bdf6b0be01cd78063c53b5b3179c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07217F61B1D55282F710EBA2E5003AD6390EB84BD8F440075EF6C47B9ADF3DE94A8B06
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$Y_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$o
                                                                                                                                                                                                                                          • API String ID: 2632022502-2060984337
                                                                                                                                                                                                                                          • Opcode ID: fdd162248c22b52d587a209647dce6c3e780c54363aa3a9e9a7f4f08c776c168
                                                                                                                                                                                                                                          • Instruction ID: 8aaa8e91704261a6d4cbf366b4208783f94b38713a6d1815218c3bb3938e3e36
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdd162248c22b52d587a209647dce6c3e780c54363aa3a9e9a7f4f08c776c168
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81219261B1854282FB00EB65F5013FE63A1EB857C8F480031EB6C47B8ADF2CE94A4B01
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                                          • API String ID: 0-1853348325
                                                                                                                                                                                                                                          • Opcode ID: 7f8452d893df3a0176d66a1b865a928d59a7e5614068cb749a2b8493c39896e6
                                                                                                                                                                                                                                          • Instruction ID: 351c2ea53428fdfd97bcd22cc4fcacbe47ddeeb4059747bb973e2edf2355bf38
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f8452d893df3a0176d66a1b865a928d59a7e5614068cb749a2b8493c39896e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91C150A1B4868385FB649AE2D5503BD2395AF897CCF544032DE2D67BC9EF3CE5098702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_MD_size.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA531
                                                                                                                                                                                                                                          • EVP_CIPHER_flags.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA599
                                                                                                                                                                                                                                          • EVP_CipherInit_ex.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA6C4
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA6DB
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA6F7
                                                                                                                                                                                                                                          • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF8E74BC66F), ref: 00007FF8E74BA760
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_ctrl$CipherD_sizeInit_exL_cleanseR_flags
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$key
                                                                                                                                                                                                                                          • API String ID: 3239367310-4187096943
                                                                                                                                                                                                                                          • Opcode ID: 97d3e1ddd3462d4cc02b9e116f8fc08a370f6fe36cc324347501341896f58257
                                                                                                                                                                                                                                          • Instruction ID: 88569a5e339b96e38fe0665f464b1596f92fe4fed14452658a6019c28d6967ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97d3e1ddd3462d4cc02b9e116f8fc08a370f6fe36cc324347501341896f58257
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED619D32608B8185EA60DB92E8447AEB7A4FB89BC8F440135EEAD47B54DF3CD549CB01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_errorX509_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 785824201-2723262194
                                                                                                                                                                                                                                          • Opcode ID: ff5c1eac9a3845024a4e8b88d52c5146675bfe66f3383d7ca3f8fc541eb44b2f
                                                                                                                                                                                                                                          • Instruction ID: d26cb07122e8f1a194e727d09157090d3743c011de04ca6ad6e72ed3ec055903
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff5c1eac9a3845024a4e8b88d52c5146675bfe66f3383d7ca3f8fc541eb44b2f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7531C822E1C69286F721AED2E4007BD6251AF84BCCF044031FE6D1BBA6DF7CE9484742
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
Similarity
• API ID: O_ctrlO_freeO_newO_s_fileR_put_error
• String ID: ..\s\ssl\ssl_rsa.c
Similarity
• API ID: E_dupL_sk_new_reserveL_sk_numL_sk_pushL_sk_valueR_put_errorX509_
• String ID: ..\s\ssl\ssl_cert.c
Similarity
• API ID: O_ctrl$R_flagsX_cipher$D_sizeX_block_sizeX_md
• String ID:
Similarity
• API ID:
• String ID: ..\s\ssl\record\rec_layer_d1.c
Similarity
• API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_put_error
• String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 3681941280-1080266419
                                                                                                                                                                                                                                          • Opcode ID: b8e99dbdcf3e65f2f3db4ab71e39aa3d3bb77dc6e54b3084b33094c2ab13b786
                                                                                                                                                                                                                                          • Instruction ID: 59128a758374297be1331f61210ab4e2e66bdbafe3118c56ac3befe500a6f378
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8e99dbdcf3e65f2f3db4ab71e39aa3d3bb77dc6e54b3084b33094c2ab13b786
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E021F422B0859282FB24EB95E400BBD6360EF847C8F440531EF6D07792DE3CE808CB02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4245524859-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3610643084-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: i2d_$L_sk_numX509_$L_sk_value
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 917959868-592572767
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_freeX_new_id
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 4103210000-4238427508
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_free$H_get0_keyN_bn2binN_num_bitsY_get0_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2719771601-1507966698
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _stricmp$Y_freeY_new_by_curve_name
                                                                                                                                                                                                                                          • String ID: +automatic$auto$automatic
                                                                                                                                                                                                                                          • API String ID: 2003915625-1892669398
                                                                                                                                                                                                                                          • Opcode ID: dfedd5e75b71eac7f9e91fdd86cc988629c301bfacda128d35128b933e034b8a
                                                                                                                                                                                                                                          • Instruction ID: 354e9727283bb6211aa4333aae9a4875fe91711caee9c6eb261830dc410152e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfedd5e75b71eac7f9e91fdd86cc988629c301bfacda128d35128b933e034b8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A231A062B0D75381FA649BE6E81077D2791AFC4BC8F194431EE6E47685EF2CE80C8243
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_newO_s_fileR_clear_errorR_put_errorX509_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 1025733963-2723262194
                                                                                                                                                                                                                                          • Opcode ID: b891754f40fdf1a851c0a54f5665ab87ebdd7ae75f31dd34d0bae51017b03a33
                                                                                                                                                                                                                                          • Instruction ID: 2aac521c603257980208430141d06aff9532c2d9a6889dbaa95429eeb1787a91
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b891754f40fdf1a851c0a54f5665ab87ebdd7ae75f31dd34d0bae51017b03a33
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F811B622A09686C6F614AB92E4017BE6760BF84BCCF544131FE6D47786CF3CE5498B42
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueY_id
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 483135270-0
                                                                                                                                                                                                                                          • Opcode ID: f1e3f79308bb0390ecf57a90ce36679551202918783e4a98601c97c2a169bc4b
                                                                                                                                                                                                                                          • Instruction ID: 4bd7a7cbf28b0685b65fb996556e32141818e22c0e0755f494cb87986ce2fb96
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1e3f79308bb0390ecf57a90ce36679551202918783e4a98601c97c2a169bc4b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95615E11A0CA4285FA6A96E6D4403BD2691AF81BCCF148436DF6E877C5CE2DFE498713
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 0-1507966698
                                                                                                                                                                                                                                          • Opcode ID: 77f2f13a1328a566c14dd02e799f7de360662cb5687004bce2a0603a55f5a518
                                                                                                                                                                                                                                          • Instruction ID: f1756fb1e27a3e419722f2ab4d477e1403ab976b4ac846392ae1007780c11a04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77f2f13a1328a566c14dd02e799f7de360662cb5687004bce2a0603a55f5a518
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1716472A0868282EB50CBA6E4407BEA3A0EB84BDCF444135DB5D57799DF7CE884CB05
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 22238829-1839494539
                                                                                                                                                                                                                                          • Opcode ID: 2a17205e123ebecdfee5edc0bee84eb0dd48a83c13ff60d6855bfb72c2c633df
                                                                                                                                                                                                                                          • Instruction ID: e9babd4868491f85f1953065b2570431444b97dd840fcae62614ae9dd40902e0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a17205e123ebecdfee5edc0bee84eb0dd48a83c13ff60d6855bfb72c2c633df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C419532709A8185EB90DF99E4403AE63A0FB84BD8F144431DF6C4B795DF7DD58A8701
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 732311666-349359282
                                                                                                                                                                                                                                          • Opcode ID: 9c318936ff456b0139b16d18862ca09ff1dfef944a5de1407ac22332d568028e
                                                                                                                                                                                                                                          • Instruction ID: 3206df4329d9b284000c52c1561d9b0ee6e74b41ae7de2b6e0a5f5f23d93d15f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c318936ff456b0139b16d18862ca09ff1dfef944a5de1407ac22332d568028e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A21A461B08A8186FB54EBE6E4407FD6791FB947D8F040431EE6C87B96CE3CE4898701
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_put_errorX509_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1042751175-1080266419
                                                                                                                                                                                                                                          • Opcode ID: fcecb994dbc38105b6741d9bf9f8e68a319fb8ee88dbd0e3b94098d9a2beb94b
                                                                                                                                                                                                                                          • Instruction ID: 07f52ac7ad28bccb56206efa77d4a379121e09b461baaa62d75519ab588a5ca7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcecb994dbc38105b6741d9bf9f8e68a319fb8ee88dbd0e3b94098d9a2beb94b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A318132608A8282E714DBA1D4503AE7765FB84BC8F488535EFAE87796DF7CD4458B01
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1603723057-1766685285
                                                                                                                                                                                                                                          • Opcode ID: 8148171c667b9fd60b4b81300863e6539d43d54b5dcd32d7576bd9d1a0d42026
                                                                                                                                                                                                                                          • Instruction ID: 0cd096461bb9ccc8bae6344e42f057466b1c9b8dc7411acdb405d87c75d441b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8148171c667b9fd60b4b81300863e6539d43d54b5dcd32d7576bd9d1a0d42026
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7921A43270869182E754DB99E4403ED63A4EB88BC8F540035EF5D47B96DF3DD98A8B05
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_txt.c
                                                                                                                                                                                                                                          • API String ID: 2618924202-3774725576
                                                                                                                                                                                                                                          • Opcode ID: 1e62c14c964867db07759d45a83b60bef72d94766a026c1660ae0961ad999a35
                                                                                                                                                                                                                                          • Instruction ID: 3b583fd803856260c60135ca1a78cc69bef27f3909e73b6e78f722be875af152
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e62c14c964867db07759d45a83b60bef72d94766a026c1660ae0961ad999a35
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1019621B0869282F640EBA5E5513EE6360EB85BC8F544071FF7C47B9ADF3DD9498B02
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_findL_sk_value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1561070308-0
                                                                                                                                                                                                                                          • Opcode ID: d11b1d89c28d654abcc34a11f34f4c08d5843d1fdecf38df19895bc68be4cf3f
                                                                                                                                                                                                                                          • Instruction ID: 9a558c56f6e624559d440aba1663168d9deb5bcace7fe16fe448829c12e93c09
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d11b1d89c28d654abcc34a11f34f4c08d5843d1fdecf38df19895bc68be4cf3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3941F712B0C68246FB64AAE5C8043BD7B90EB45BC8F094431DF6D87789DE3DD4598302
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_free$X_ctrlX_freeX_new_idY_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1769623012-0
                                                                                                                                                                                                                                          • Opcode ID: cd626520feb1070c889352ef4004c75d9f3a20e2182f564bf643be02d4178c66
                                                                                                                                                                                                                                          • Instruction ID: f4ad5484734badc829352acf89b13884f45344220414af9a18a92304e22e278b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd626520feb1070c889352ef4004c75d9f3a20e2182f564bf643be02d4178c66
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1921AF71B1D60241EB50AB9AE4513BE67A59F857C8F180034FF7D4779ADE3CE8468B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2268491255-0
                                                                                                                                                                                                                                          • Opcode ID: 8bd77238bee49a160935da722aec24b514e523fac6ed6413117ac5d53c3f3f1e
                                                                                                                                                                                                                                          • Instruction ID: 43bf87e8d66845ea86568d2d670c8a84ebd9e62c3e2a33eaaffa86a68e456a8b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bd77238bee49a160935da722aec24b514e523fac6ed6413117ac5d53c3f3f1e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60012162A09E8181DB44AFE1D9813FC63A8EF90BCCF080139EF5D4B696CF3C94548726
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify
                                                                                                                                                                                                                                          • API String ID: 2266715306-2608420995
                                                                                                                                                                                                                                          • Opcode ID: 2242b41241a50b237cd1ed4062df157a30522dc9c83ad7250d135c41e98befaa
                                                                                                                                                                                                                                          • Instruction ID: 10d3a68101573960bbb3de2354964dace46ad9f4cb0a2f823112dfae9974158b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2242b41241a50b237cd1ed4062df157a30522dc9c83ad7250d135c41e98befaa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B041B062B08A8582E710CF99E4403BD77A0FB95BC8F148232DB9C87651EF3DD5AAC705
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 4631420c3dc9954702de5197bb381589f1dd3fe6c05f3d2ff672c28d7b1c86c1
                                                                                                                                                                                                                                          • Instruction ID: ef2411f2b2e5e992befe174e328b41ec7da223219fd952a989242ea92b8d716c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4631420c3dc9954702de5197bb381589f1dd3fe6c05f3d2ff672c28d7b1c86c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53315E32A08A4286E7109B95E4043AD7760FB84BC8F144235EEAD477D9DF3DE44ACB42
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 11f8b4967c5d30b2af0d6a6378cfec4cb4ad56bf4dde9944b7d761b72770e4d8
                                                                                                                                                                                                                                          • Instruction ID: 125d9a97d38ca0ee997f192b7e52a7537ebb9fca5c34f13a69b4d057e50e02ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11f8b4967c5d30b2af0d6a6378cfec4cb4ad56bf4dde9944b7d761b72770e4d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C319062A08A8182F7509BA4E4403AD63A1EB44BDCF544235EF7C4B7D9DF3DD5898B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newX_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 3686289451-1839494539
                                                                                                                                                                                                                                          • Opcode ID: 9409607454e47d4e27c1e87339ca2eaaa2c8e59efa7c26ccbbbba4dc4d265128
                                                                                                                                                                                                                                          • Instruction ID: 4b38ba05bdf0425e35a468db5ef29e09cea792fb93bda300ca81b2e5a2fafad2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9409607454e47d4e27c1e87339ca2eaaa2c8e59efa7c26ccbbbba4dc4d265128
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33212432B08B8195EB50EB65E0503EC73A0EB88BC8F488531DE5D4B795DF7DD5888B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_errorX509_up_ref
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 1254856836-349359282
                                                                                                                                                                                                                                          • Opcode ID: e51928a28ba927798e42207a67e191c36e8dbf2be0b92b888dd9cf561b142714
                                                                                                                                                                                                                                          • Instruction ID: 98d0e683213f0dc876109d9b48d120a31bcd3cf2da87b56e246caf47e3b10c71
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e51928a28ba927798e42207a67e191c36e8dbf2be0b92b888dd9cf561b142714
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4119E25B0964285FB94ABE5E1403BD12A0EF48BCDF680531EF7C47786DF3CD8588602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: A_sizeD_sizeP_get_curve_nameR_pop_to_markY_get0_Y_get0_group
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2524731747-0
                                                                                                                                                                                                                                          • Opcode ID: b5c593e026703faffef4cdf0d34fe01ddfedbc49cbf0e3c62da836d857bf812b
                                                                                                                                                                                                                                          • Instruction ID: 4f3493c233ac2d59f2b928558fae68b131f7148502ca0494574001627474a83a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5c593e026703faffef4cdf0d34fe01ddfedbc49cbf0e3c62da836d857bf812b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B151A462A08A4681EE549A99D5803BD2394EF88FDCF090536EF2D473C5DE3CEC4A8702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_PKEY_id.LIBCRYPTO-1_1(?,00007FF8E74B6002), ref: 00007FF8E74B7651
                                                                                                                                                                                                                                          • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1(?,00007FF8E74B6002), ref: 00007FF8E74B7664
                                                                                                                                                                                                                                          • EC_KEY_get0_group.LIBCRYPTO-1_1(?,00007FF8E74B6002), ref: 00007FF8E74B766F
                                                                                                                                                                                                                                          • EC_GROUP_method_of.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FF8E74B6002), ref: 00007FF8E74B76AC
                                                                                                                                                                                                                                          • EC_METHOD_get_field_type.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FF8E74B6002), ref: 00007FF8E74B76B4
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_get_field_typeP_method_ofY_get0_Y_get0_groupY_id
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2889995728-0
                                                                                                                                                                                                                                          • Opcode ID: 2d88c69ca4d68704417b25b4919b4614bf5e9bd391ed9065385de2fd1eae3f7a
                                                                                                                                                                                                                                          • Instruction ID: d7d40540d9dc3ce0149f9c0c56850fe64cfe6a6a9b41146b039da5ad37cff617
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d88c69ca4d68704417b25b4919b4614bf5e9bd391ed9065385de2fd1eae3f7a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D21B311F1969242FE96D6E6D0503BC1780AF89BD8F141432EB2EC7782CE2DED954602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2231116090-0
                                                                                                                                                                                                                                          • Opcode ID: bcdbbe1538b7ea9d240a1d67f6d9caacd03c929361d6a26dae4a4bf7693df668
                                                                                                                                                                                                                                          • Instruction ID: 36f8c4d08c2dce3a532f1f846697b8f611684d47178c8026db4b8fb823ac777b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcdbbe1538b7ea9d240a1d67f6d9caacd03c929361d6a26dae4a4bf7693df668
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83014F51F0DA4241EED4E6E6E5453BD52D69F58BCCF080034EE3D4B78AEE3DE8984602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2231116090-0
                                                                                                                                                                                                                                          • Opcode ID: dd66cedb7686bd926aee645f9947438db4ca0e959c6ae9e17f9f68f598e522d0
                                                                                                                                                                                                                                          • Instruction ID: cdd4a832feba0ad2d721f5f39024af9aa87e55a49a9265a0eca6b397bde9cab1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd66cedb7686bd926aee645f9947438db4ca0e959c6ae9e17f9f68f598e522d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92012C11F0AA4285FE94E6E6E5557BD52D1AF54BC8F081130EE7D8A7CAEE2CE8844602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2231116090-0
                                                                                                                                                                                                                                          • Opcode ID: 5fe7f2459e888ac96ca998d2f09b9456cc9103b83f11ac2c29b026c6f9f89235
                                                                                                                                                                                                                                          • Instruction ID: 9de6570230a06651534feff6157d5761066dc116fc04c30facf52ff076528505
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fe7f2459e888ac96ca998d2f09b9456cc9103b83f11ac2c29b026c6f9f89235
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F01955F1AA4240EE95E6E6E1553BD52D19F58BC8F084031EA7D8678AEE3CE8884602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 476e6c8ea6d19319fa02b3d30600d231bb7aa5fe37639d274de62f31573b31cb
                                                                                                                                                                                                                                          • Instruction ID: 3bf4b0254106d4b10624379f4d9c2f62c1a0b37bb232928ec2436e8d3f99f990
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 476e6c8ea6d19319fa02b3d30600d231bb7aa5fe37639d274de62f31573b31cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37313836A0869286E720DF95E4443AD7760FB84BC8F540635EEA9477A9CF3CD859CB02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: ECDSA$IDEA(128)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-1715931570
                                                                                                                                                                                                                                          • Opcode ID: 75d6c3de10b13067d202167ec99f096fb99f3ed0f6f31f114ebaee6e417c0355
                                                                                                                                                                                                                                          • Instruction ID: 8e30109427b217d53fbb5f288f9adcee5321968cc5cd6054b149865e58eb0625
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75d6c3de10b13067d202167ec99f096fb99f3ed0f6f31f114ebaee6e417c0355
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8119672D0C64391FA74ABE8E5883BD5660BB453D8F450132DD7D13AA8CE7CE98C8E42
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: DSS$IDEA(128)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-3841199953
                                                                                                                                                                                                                                          • Opcode ID: 22109759e7c5b96da92b11381e7f434876b92927db07c88be17e674dc1a3b08d
                                                                                                                                                                                                                                          • Instruction ID: 64e4855dddc7e86c99ca88d4f6b1ac4fbccc82d2bdb2bcc2008fd60aff30c671
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22109759e7c5b96da92b11381e7f434876b92927db07c88be17e674dc1a3b08d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15119672D0C64391FA74ABE8E5843BD5660BB453D8F450132DD7D13AA8CE7CE98C8E42
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
• Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 1176158178-349359282
                                                                                                                                                                                                                                          • Opcode ID: d0c673e19fc968fe49e19ed66c8cf6ab2a4252f7a94cbf37efd3f31d80b2264a
                                                                                                                                                                                                                                          • Instruction ID: 28151d033a4e81c67260d68d3836e03b9559b5fdfab7e81b9ea84fbd2e696bd3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0c673e19fc968fe49e19ed66c8cf6ab2a4252f7a94cbf37efd3f31d80b2264a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30116072A0964182EB509BA5E4403ED63A4EF44BC8F180531EF7C47B95CF3CD959CB02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 3703036260-1080266419
                                                                                                                                                                                                                                          • Opcode ID: e76756974db225ec1d54090a4925b1da3d0cb02059e90bea83a9a2d4cdf14cc1
                                                                                                                                                                                                                                          • Instruction ID: c2cc61126cb3410c174d84c567de9da55e8cea46cf86f8340e8cd0adaf2ce45e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e76756974db225ec1d54090a4925b1da3d0cb02059e90bea83a9a2d4cdf14cc1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62F09621A1964281E714D765E45439E67A1EB847CCF544170FB6C43B95EF3CD949CB01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 80dfa0c84d7156e77aa257aa17e3f90622286deccda93ac06b19b73e80c43ee0
                                                                                                                                                                                                                                          • Instruction ID: af3f6f556bc0faa2a0564cacf1cc212072121fac094ee517bde938cd01aaf413
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80dfa0c84d7156e77aa257aa17e3f90622286deccda93ac06b19b73e80c43ee0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38115E72B1964686EB50DBA0C8103AD37A1FB80B88F804174DA6C437A4DF7DE64ECA02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: A_freePrivateR_put_errord2i_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 2825407714-2723262194
                                                                                                                                                                                                                                          • Opcode ID: 0f797fa73bfd8f277985d7d43b5f03698a22f8d538ec5fc2c8c643123570c23a
                                                                                                                                                                                                                                          • Instruction ID: 13049df82b429d3b6c701ba9af065aa3103446f45590bfbe902d3243df4b96d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f797fa73bfd8f277985d7d43b5f03698a22f8d538ec5fc2c8c643123570c23a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94F0A461B1864681EB40ABA5F5413BEA7A1EF887C8F944036FB6C47796DE3CD9488A01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: C_curve_nist2nidJ_ln2nidJ_sn2nidmemcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 722349470-0
                                                                                                                                                                                                                                          • Opcode ID: e9d5f9d3b6b2122b3d9d2e56503c8be0d4bb8136a8682d0a74df2f3e2fb100b2
                                                                                                                                                                                                                                          • Instruction ID: 45e64249b103a09315ae53ef84fe4d027224d3cb45b8542e18e4c92e1e0fe411
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9d5f9d3b6b2122b3d9d2e56503c8be0d4bb8136a8682d0a74df2f3e2fb100b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921D622B0CA4645FB649BE8D81037D12E1EFCC7CCF544131D76E8269ADE2CDD4A8606
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612788905.00007FF8E7450000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612806732.00007FF8E74C3000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612872965.00007FF8E74C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612898448.00007FF8E74E9000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74F4000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2612917442.00007FF8E74FB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7450000_main.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM
                                                                                                                                                                                                                                          • API String ID: 3510742995-484036895
                                                                                                                                                                                                                                          • Opcode ID: 11e3d4ee241d85a98a8a13066d31f324302bf78b1cb57375474b80c4144d657a
                                                                                                                                                                                                                                          • Instruction ID: 5971f54f9a833de46d512041f282e38d42b82836a094e65377ab36bbc585126f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11e3d4ee241d85a98a8a13066d31f324302bf78b1cb57375474b80c4144d657a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D515F72A0878286EB918B55D4443ED23A5EB44BCCF184036EF5D4B799EF3ED889C706
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 280995463-0
                                                                                                                                                                                                                                          • Opcode ID: bad992762d588c539e6f45d4d940070225d6d7fcb69fa1377506dd6e33a0a87a
                                                                                                                                                                                                                                          • Instruction ID: b77040c490897c98588c937b7325402fc06fef422b8569d72e720dc89494f228
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bad992762d588c539e6f45d4d940070225d6d7fcb69fa1377506dd6e33a0a87a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57019E21F0D68681FA84A6DAF01037D62959F84BE8F5C5131EE6D4FB8EDE2CE8464702
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_free$F_parse_listL_sk_new_null
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4265814531-0
                                                                                                                                                                                                                                          • Opcode ID: e044826245c8043478f70e93a3c65dd35abd2803c9f6abcddffd651465dc7fd7
                                                                                                                                                                                                                                          • Instruction ID: 51d0ade54189f692c407cb58aaa038f889243bc096de71f9b58a1ba739c70181
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e044826245c8043478f70e93a3c65dd35abd2803c9f6abcddffd651465dc7fd7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2018421B08A5281F751AB95F4003AD67A4EFC4BC8F484071EFAC87B9ADE3DD8958B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free$DigestInit_exX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4262507187-0
                                                                                                                                                                                                                                          • Opcode ID: 51fbb778b52245604aed226911c6ab532748d7d19db74f2569026da39e1821d9
                                                                                                                                                                                                                                          • Instruction ID: 4317758255ed25d9ab14c120983bd5a0c87535dfe13215520390725036a77a5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51fbb778b52245604aed226911c6ab532748d7d19db74f2569026da39e1821d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F06822B18E0240EB95ABE5F55137C53E09F54BC8F085131EE2C8779ADE3CD8544B02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • OPENSSL_sk_dup.LIBCRYPTO-1_1(00000000,00007FF8E7470BCA), ref: 00007FF8E7471639
                                                                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-1_1(00000000,00007FF8E7470BCA), ref: 00007FF8E7471654
                                                                                                                                                                                                                                          • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1(00000000,00007FF8E7470BCA), ref: 00007FF8E7471666
                                                                                                                                                                                                                                          • OPENSSL_sk_sort.LIBCRYPTO-1_1(00000000,00007FF8E7470BCA), ref: 00007FF8E747166E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1312970346-0
                                                                                                                                                                                                                                          • Opcode ID: 62d0a028eb10ce999364d6858bea357053da62dd1ab5adefcdd2347df95b25c3
                                                                                                                                                                                                                                          • Instruction ID: ff4d132ce7fe451afe898cb74d83e8d99616cd89e1aff01bb259c99186bcb972
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62d0a028eb10ce999364d6858bea357053da62dd1ab5adefcdd2347df95b25c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F08262B0964281EB44A7A5F5913BC5351DFC8BC8F448031FF2D4778BEE2CD8994602
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2268491255-0
                                                                                                                                                                                                                                          • Opcode ID: 484c31d8009d3c934941a8755aed385179bbf15f226cff055a72e9445e03809f
                                                                                                                                                                                                                                          • Instruction ID: 75517d41d6d53fa5f8d0dc692777c1337da9f4539e43f9e63cfd80f4a8b17ec4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 484c31d8009d3c934941a8755aed385179bbf15f226cff055a72e9445e03809f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2F06862A09A8240E744AFE1D4813BC6354DF91BCCF180539EF6D4B796CE3C94548226
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_new$R_flagsR_key_lengthX_freeX_reset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c
                                                                                                                                                                                                                                          • API String ID: 3297287953-4043206075
                                                                                                                                                                                                                                          • Opcode ID: ca4ceb4f2587bdf2ae6dc213caa406cb577c8c0f0a96e67e7e0e98c5cc8e6fd6
                                                                                                                                                                                                                                          • Instruction ID: 22492be996441f6f929f6ec084e05e81b9adfc9a34cb83ecd3a51c16ee9d420f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca4ceb4f2587bdf2ae6dc213caa406cb577c8c0f0a96e67e7e0e98c5cc8e6fd6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B931AD72605B4186E7919BA6E8417AD3790FB48B8CF084135EF1D8B390DF3DE889C711
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140 ref: 00007FF8E74A2557
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF8E74A1117
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF8E74A111F
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FF8E74A1131
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FF8E74A1139
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF8E74A1152
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF8E74A115A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FF8E74A1170
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8E7451267: BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF8E74A11EB
                                                                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF8E74A2687
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlR_flagsX_cipher$D_sizeX_block_sizeX_mdmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 1483294773-3140652063
                                                                                                                                                                                                                                          • Opcode ID: 98de801a3f2b175bbd159d89159e9db9b8e9e575bfd4e97801c1b86f7765d743
                                                                                                                                                                                                                                          • Instruction ID: a5fce0ea11a5a349a5d7a13df035ef60f8bd94e120197a97911837fa6a4c2bbe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98de801a3f2b175bbd159d89159e9db9b8e9e575bfd4e97801c1b86f7765d743
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5661AB32205BC492D794DB56E9847AE77A8FB88B88F104136EFAC43755DF39D468C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-2723262194
                                                                                                                                                                                                                                          • Opcode ID: b5f06a5156c54541bc11db9f1193abc54057ffbffa802efeee5093edbc58cbf4
                                                                                                                                                                                                                                          • Instruction ID: 1e5e936df58375cc47638e6457de00b40535b1a35c491c06e6c13c5ec5e69932
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5f06a5156c54541bc11db9f1193abc54057ffbffa802efeee5093edbc58cbf4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9231C37271878A86FB658B86E4003BD6694FB84BC8F144035EF6D477A1DF3CE6058701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
Memory Dump Source
• Source File: 00000002.00000002.2612806732.00007FF8E7451000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8E7450000, based on PE: true
Similarity
• API ID: O_clear_flagsO_set_flags
• String ID: ..\s\ssl\statem\statem_srvr.c
• API String ID: 3946675294-348624464
Similarity
• API ID: O_snprintf
• String ID: IDEA(128)$SHA256
• API String ID: 3142812517-2727354722
Similarity
• API ID: Time$System$File
• String ID: gfff
• API String ID: 2838179519-1553575800
Similarity
• API ID: R_put_error
• String ID: +$..\s\ssl\pqueue.c
• API String ID: 1767461275-3697747608